hacker news with inline top comments    .. more ..    27 Jul 2013 Best
I'm learning to code by building 180 websites in 180 days. Today is day 115 jenniferdewalt.com
1453 points by jenniferDewalt  2 days ago   342 comments top 98
sivers 2 days ago 19 replies      
There's this great story from the book Art and Fear, that's very appropriate here:


The ceramics teacher announced on opening day that he was dividing the class into two groups.

All those on the left side of the studio, he said, would be graded solely on the quantity of work they produced, all those on the right solely on its quality.

His procedure was simple: on the final day of class he would bring in his bathroom scales and weigh the work of the quantity group: 50 pounds of pots rated an A, 40 pounds a B, and so on.

Those being graded on quality, however, needed to produce only one pot, albeit a perfect one, to get an A.

Well, came grading time and a curious fact emerged: the works of highest quality were all produced by the group being graded for quantity.

It seems that while the quantity group was busily churning out piles of work, and learning from their mistakes, the quality group had sat theorizing about perfection, and in the end had little more to show for their efforts than grandiose theories and a pile of dead clay.


Advance congratulations to Jennifer. This is amazing.

freyr 2 days ago 3 replies      
So many hurt egos in this thread.

If you think what she's done is impossible, have you ever devoted 70/hrs a week to a personal endeavor for 6 straight months? Would you have the willpower and perseverance to stay committed and focused?

Also, these are cool sites, infused with a lot of creativity and a refined aesthetic sense, but it's not as if she's claimed to have written an OS or compiler in 115 days. Much of the javascript code is covered extensively in brief online tutorials. Maybe, given 10 hours, you couldn't ingest a tutorial and put your own spin on the concept, but thinking that nobody else could do that is a bit arrogant.

cgcardona 2 days ago 3 replies      
Really great idea Jennifer! This is the kind of initiative and creativity that will surely land you multiple job opportunities.

It reminds me of the steps which I took to transition into working on software professionally full time.

I came to programming relatively late in life when I was 26 and found out that my wife was expecting a baby.

The sudden change facing my wife and I made me take a hard look at my skill set to decide how quickly I could provide for us.

I decided that my interest in setting up wordpress installs as well as tinkering with Photoshop/Illustrator was the surest, safest, and quickest path to a successful career and decided then and there that within 6 months I would have a job as a junior web developer.

To help accelerate this I signed up at my local community college for courses related to getting a web design certificate. Ultimately I took 2 semesters (1 of which was a compressed summer semester) of classes including CS-1, Photoshop, Illustrator, Flash, InDesign, HTML/CSS, PHP/MySQL.

Soon I began to get the feeling that school was moving too slowly. I had joined the W3C HTML5 Working Group and was also participating in the WHATWG and started to realize that I was learning much more by hacking on code in the evenings than I was in class.

During this time I started to create a portfolio showcasing new HTML5 APIs as they would become available across different browsers. Mostly I did this out of my own passion for web standards and wanting to understand the most cutting edge APIs as soon as they dropped. However this portfolio soon became incredibly valuable with regards to landing a job.

During the second semester I got the chance to interview for a local android dev shop (this is in Santa Cruz, CA). I got the job but didn't find Java to be a good fit for my skills at the time and after a couple of months transitioned to another local dev shop.

This company was a rails shop building an app for Walmart's internal network. I got the job based on my HTML5 knowledge and soon found myself learning rails.

Around this time I made the decision to quit going to school and to focus full time on my job. I was at this job for about a year until the company unfortunately went out of business.

Since I left that job I've spent a year and a half at trulia.com where I was on the mobile team building m.trulia.com, Trulia's native windows 8 app, and the suite of webservices powering Trulia's native iOS/Android/Windows apps. Currently I'm at cardfree.com where I'm working with ruby on rails.

The reason I posted this tale is to encourage you to continue what you're doing! When I look back at my short but exciting career I notice that though I feel fortunate to have gotten a couple of semesters of training at a junior college it was mostly always the projects and initiatives which I undertook in my personal and spare time which ended up being the most valuable for me.

There is so much opportunity and demand in the consumer web and electronics space right now that showing this initiative and creating such a strong portfolio will surely land you multiple job offers if that's what you are looking for.

Either way excellent work and I wish you the best of luck going forward!

wellingtons 2 days ago 7 replies      
I have to ask: How on earth do you find the time to do this?

As much as I'd love to do this in order to get my hands dirty on web development and out of systems, I can't ever fathom having the free time available every day consecutively.

I mean, for someone "learn(ing) to code" on Day 1 and by Day 15 doing "Dropping Boxes", it just seems a little far fetched. Obviously you have had a good portion of coding experience and are using -some- level of resources, or you are a savant.

I don't mean to sound rude, I just feel like the readers deserve a deeper level of explanation and cited resources, rather than believing you reinvented Conway's Game of Life by day 108.

Edit: I have to add that this is all very excellent work and good on you for sticking to your goals so far. Clearly you are a very talented individual. Cheers.

cocoflunchy 2 days ago 2 replies      
whbk 2 days ago 1 reply      
From her Facebook, September 2009: "If you don't know already, I've created an iPhone app! I've been working really hard on this and have had lots of fun taking pictures of myself and my friends. Oh, what it does is gives everyone in the picture a HOT or COLD rating. The app is called ruHOT and is available for download for the iPhone and Android phones. Check it out!"

So yeah, highly doubt this is truly her first rodeo. Cool project(s) nonetheless and impressive dedication.

jbp 2 days ago 0 replies      
This kind of dedication is inspiring.

From http://blog.jenniferdewalt.com/post/51616616313/day-58-explo... :

"Tomorrow I head to Pennsylvania to host a bridal shower and bachelorette weekend for my sister. Between the pre-wedding festivities and visiting with family, I'm going to be pretty limited on time for building websites. But, the show must go on and I am excited to see what kind of goodness I can create under pressure."

Congratulations Jennifer.

headcanon 2 days ago 3 replies      
I suppose the hardest part of doing something like this, at least for me, would be coming up with a list of ideas of exactly what to create - not just coming up with 180 things, but 180 things that I can reasonably expect to accomplish in one day. Did you come up with that list beforehand, or do you decide today what to do tomorrow, or something in between? Some other random questions that come to mind - What's your daily schedule like during this period? How many hours do you typically spend on a single project? Are you also working during this period, or did you save up some money beforehand?
keiferski 2 days ago 10 replies      
Wow, this is really inspiring. I see that she's hosting them all on her personal domain, but I have a question, if anyone has an answer. What's the easiest/most cost-effective way to host a large number of sites on different domains?

Learn how to use a VPS? Static pages with NearlyFreeSpeech? I've got a zillion ideas (and after seeing this, will be building them soon) but they need to be on separate domains. Paying $5/month or whatever for each is obviously not optimal.

mehulkar 2 days ago 2 replies      
This is awesome. Reminds me of the girl who learned to dance in one year by recording herself every day. Also reminds me of Seth Godin who recommends starting the day by producing rather than consuming and follows the practice by writing a new blog post every day, without fail.

Consistency is so hugely important. Quality is born from quantity.

jqueryin 2 days ago 0 replies      
This is great and all, but I do have to call BS on no previous coding experience. Perhaps she had plenty of HTML experience and wouldn't regard that as coding experience. If you look at her early examples, even on something like day 3, you find the following in the source:

    * Inclusion of a CSS reset stylesheet
    * Inclusion of jQuery 1.9.1
    * Usage of HTML5 footer tag
    * Inclusion of the HTML5 shiv JS

If this wasn't boilerplate HTML being used, I have no idea where a beginner would know these three things on day 3. Perhaps just stumbling upon the right project?

Also noteworthy is the inclusion of an external JS file for loading Google Analytics. Most people have no idea what this is or how to set it up.

txutxu 2 days ago 0 replies      
I take my hat off by personal challenge and the technical side of the project.

But I put more kudos on "publishing it".

I'm a self-taught which now can say I'm more than a decade in the industry, but I think I could never publish my "learning" projects because maybe I'm ashamed of their quality.

I think what you have done is nice, and more important is well presented for others to see. So you may be encouraging others to do the same.

That is the spirit. Great.

jmtame 2 days ago 0 replies      
I looked through your comment history to see if you already answered and couldn't find it. What happened when you got stuck? I'd suspect there were points where you couldn't figure something out; it tends to happen when you become frustrated and you have to take a break. You mentioned that you had no previous programming experience. How much time did you spend learning before you created the first app on day 1?

I ask because this goes against the pattern I've observed in most students. I was involved in starting Bloc, which is an online programming bootcamp. I think the #1 value proposition is having a person there to help when you get unstuck. It's fascinating to see you overcome the learning curve on your own which affects most people trying to learn.

Just so I can fully understand: did you have any human interaction or assistance during this entire time? That to me is the most impressive part of this. A lot of us had TAs, professors, group projects where we worked closely with others. I don't know a single person in my own network who has learned to program on their own without any human help.

Hope it doesn't come across as if I'm belittling what you've done or seem skeptical, this is really impressive!

eat 2 days ago 1 reply      
These comments are infuriating, but not unexpected. So many people who have likely wasted their last 115 days attempting to find every fault with someone who clearly hasn't.

OP: Excellent work, and keep it up. I hope you take the criticisms and disbelief for what they truly are: incontrovertible evidence that you're doing something very right.

rdouble 1 day ago 0 replies      
Did you pre-plan the ideas for the websites?

When doing art, I used to set goals like "do 30 drawings in a month." However, I've found that I just draw the same stuff over and over again if I leave it at that. I have to actually make a theme (draw 30 plants) and even get a detailed list (draw a jade plant, a hydrangea, etc) in order to actually make any progress.

I am curious if you did any planning like this regarding the choice of sites you made?

ekr 2 days ago 0 replies      
I'm going to ignore all the malicious comments about how fraudulent this is. This is an amazing achievement, and it reminds me of a much better way of improving your skills.

Last time I wanted to build a ray-tracer, I started using the PBR book, and then started learning about Fourier series and transforms, about signals etc. This kind of depth-first acquisition of knowledge is not very adequate for the average human mind, whose curiosity and motivation are much better served by achieving many short and tangible results, a so-called feedback loop.

Seeing Jennifer and her progress, I'm determined to start a similar project: 1 demo (not necessarily 4k/64k) coded in asm/GLSL per week. That's after I actually finish writing my hobby OS, which is being done in the same DFS fashion (started reading Tanenbaum's book on Minix, it has plenty of references).

stevewilhelm 2 days ago 0 replies      
In the next couple of weeks you might want to look at secure authentication and authorized resource access, scaling, sessions, cross-platform issues, internationalization, adaptive design, etc.

Also might want to revisit some of your existing websites to get some exposure to refactoring, bug fixing, prioritizing feature requests, test based development, performance profiling, etc.

ansdkfus13 2 days ago 0 replies      
This story indeed is very inspiring. I'm a business major turned front-end designer. I worked as a financial analyst for a semi-conductor company for two years and realized I want a career that fosters my creative side. Working with Excel, though I got very good at it :P, all day long made my day very dull and monotonous. I got my husband to teach me how to code (he's a CS major, working as a product manager for a SF company). Now I am fairly proficient in Photoshop, Illustrator, CSS, HTML, and Javascript. Then I made a Python program which analyzes the proper excess inventory to keep for the semiconductor company I worked for, which got me a lot of recognition (the program was prob elementary level and messy but got a credit for being a financial analyst that can code). I quit my day job and I'm working on my startup, for which I'm doing all the front end coding and some of back-end coding as well. Also relocating to SF to pursue this new found passion. I wish the best of luck to Jennifer and other people like her.
DanBC 2 days ago 0 replies      
This is amazing. It's inspiring. I like the rules you set for yourself - a blog post to accompany every website, and releasing the code on github.

It's important that people know the WWW is not out of their reach, and that they can create stuff. This post, and Neocities, strongly feed that "democratisation" of the Internet.

Next it might be a nice idea to do 4 websites, one a month, but polish them so they're standards compliant, as accessible as possible, etc.

espadagroup 2 days ago 0 replies      
Finally someone posting a challenge they're undertaking when they have at least accomplished already some of it. I hate seeing people announce that they are about to do something. This is much much better.
alcuadrado 2 days ago 0 replies      
To be honest, as soon as I read the title I thought "but if you force yourself to deliver something new every day you won't have enough time to actually learn new stuff in between", and you proved me wrong. Congratulations!
akurilin 2 days ago 0 replies      
Basically, work a lot. Make sure there's always a chunk of work that's new and challenging, a form of deliberate practice. Also make sure there's a chunk of work that's reinforcing what you already know until it becomes second nature. Rinse and repeat. Kaizen.
booop 2 days ago 1 reply      
In a similar vein, here's a thread of a complete rookie starting from scratch who turned into a fantastic artist by drawing a sketch every day : http://www.conceptart.org/forums/showthread.php?t=870

I guess this works for learning programming too.

donaq 2 days ago 0 replies      
You are super awesome. I have been programming for years and I still don't know how to do some of the stuff you've done for your websites. I'm sure I could easily learn how to, but then it's easy for me because I have the advantage of years of experience. To be able to get to where you are within 3 months is astounding to me and that tells me something about the validity of your approach, so I'm gonna shamelessly rip you off the next time I need to learn a new skill.

Somebody hire this person!

t0dd 2 days ago 0 replies      
Very impressive. It reminds one that complaining about "too much work" is often just a poor excuse for petrifying in a niche of self-satisfaction and comfort. I can't read all of this, browse what you've accomplished in so little time, and doubt the feeling great things are destined for you. Congrats!
jorgecastillo 2 days ago 0 replies      
I am really impressed this gal sure has a promising future as a software developer. I must also say this made me a little sad, she has done in days what I haven't been able to do in years.
kenster07 2 days ago 1 reply      
I have mixed emotions, not about the author, but the implications of this thread. It is great that she shows such dedication to the craft. But has dedication to a craft really become so rare that it is worthy of 900 plus points on hacker news? I know countless software engineers who work their tails off every waking hour, myself included. Do we all deserve hacker news posts? Or should we elevate our expectations?
ValG 2 days ago 0 replies      
An additional anecdote comes from Jerry Seinfeld, (comedian). He says that his goal when he got into comedy (and still to this day) is to write jokes every day. Create a chain of joke writing and keep track of it in a physical way (in his example, a calendar that he marks off with an X every time he sits down to write). You create momentum that you don't want to break, and even though you might not be writing good jokes (good code, etc...) every day, there is still improvement going on. [1]

All anecdote, but it seems to point to the fact that the value of iteration on DOING is more valuable than iteration on PLANNING. (i.e. plan a little bit, and do a lot).

[1] http://www.writersstore.com/dont-break-the-chain-jerry-seinf...

styrmis 2 days ago 0 replies      
This is really great! There are quite possibly many better ways to spend 180 days if you wanted to make money (#1 would probably be completing every Rails tutorial available) but I don't think that is important here. Rather, I find her approach inspiring and it's something that can be applied to any endeavour.

One nice thing that she will have, even if she doesn't make it through the full 180 is a record of her earliest creations through to her latest. Like when keeping a journal she'll be able to refer to it when she's feeling low and see the progress she's made, and she'll have a record of what she's done that transcends her memory.

At my first job I was lucky enough to report directly to the Technical Director of the company who took the time to mentor me on what it means to be a good software engineer. The first thing he had me do is to keep an engineer's journal. The benefits of this would only become clear a few weeks down the line but clear it was: I would encounter a problem I knew I had solved before but couldn't quite recall the solution to; I would flip back to find my notes and there it would be. Fast forward a few months, then a year and the value received from this simple act of keeping an organised journal far exceeded my expectations.

I have since kept the habit going but I feel that more can be done here. On one level you can keep notes for yourself and improve your own productivity. A level up would be to write those notes up on an internal wiki. One level up further and you've polished them into material you can publish to a wider community. One level up again you can inspire others to do the same through your efforts. One such effort that I have seen (outside of Jennifer's) that I think is completely worth anyone's time to explore is Journey of an Absolute Rookie: Paintings and Sketches (http://www.conceptart.org/forums/showthread.php?t=870), 10 full years of recorded progress of a beginning artist that blew my mind. Warning: you may lose a lot of time to that forum thread!

There is something beautiful and powerful in things that have been worked on and tended to for years, things that cannot be rushed no matter what: the only way to have 10 years of recorded progress today is to have started 10 years ago and to have kept it up for the duration. What a present to give to yourself!

carlosgg 2 days ago 1 reply      
Bravo!! I really liked this: "I think the best way to learn is to solve problems that you actually have. This is the primary reason I decided not to follow a course or textbook. By following my own path, I can tackle new concepts and problems in the most logical order possible, which is precisely when I have them. When I have questions, I look them up on Stack Overflow. If I need to make a big jump, like starting a new language or platform, I'll bootstrap off of a textbook only until I get off the ground."
pwelch 2 days ago 0 replies      
As someone else mentioned, I think the hardest part is coming up with idea.

Most of these are really cool! Awesome job.

Tycho 1 day ago 0 replies      
I've thought of doing this before. Make one attempt every day, and see it through. Not just for websites but for other skills like songwriting, drawing, short-story writing, and also other types of programming. Needless to say I never went through with it, but it's good to see someone who has.

Taking songwriting as an example, what's interesting to me is that basically anyone can try it. Sit down with a note pad, think of a tune, and make a verse-chorus-verse-chorus song (chords and riffs are optional extras). No doubt people like Paul McCartney do try this every day, but then there's the vast majority of people who never make the attempt once in their life, despite there being no real barriers.

jbranchaud 2 days ago 0 replies      
Jennifer, I've skimmed through a handful of your projects and they are all very creative, fun and thoughtful. I'd be excited to see what you could do with d3.js (http://d3js.org/). Check it out if you haven't already!
dantheman 2 days ago 0 replies      
Super Impressive, dedicating the time to accomplish this is remarkable.
zaph0d 2 days ago 0 replies      
Kudos to you Jennifer. I hope your path inspires many other aspiring programmers.
karolisd 2 days ago 0 replies      
This is inspiring and I'm not sure why. It's not technically impressive, there's far more impressive tutorials and snippets a single Google search away. It's something about the persistence and a desire to learn and improve. It's about the beginner's mind and artistic whimsy. I get to see someone's thought process expressed through a hundred tiny websites.
iguana 2 days ago 0 replies      
This is awesome, humbling, and inspiring at the same time.

(There were 180 comments on this story, now there are 181)

j45 2 days ago 0 replies      
How admirable, good for you. I don't have anything more to add than my sincere appreciation for seeing what you're doing, it's a fantastic example.
auggierose 2 days ago 0 replies      
So many envious comments here, ridiculous. Jennifer, this is really inspiring stuff!
zwieback 2 days ago 0 replies      
Fantastic and I'm also glad to see that most of the comments are positive. I was almost afraid to click on the comments link.
DarrenMills 2 days ago 1 reply      
It's a great way that learning to code can produce a ton of content and experimental innovation. Code Academy (and others) listen up: What if everyone produced content while learning to code?
bencollier49 2 days ago 0 replies      
Incidentally, does that remind anyone of the "Cascade Cassette 50"?


The work is of profoundly higher quality, though, I just mean in terms of volume!

anishkothari 2 days ago 1 reply      
Brilliant. Good for you! Suggestion: add some contact information in your profile
fnbaptiste 2 days ago 0 replies      
This is awesome. When I read the title I was expecting a bunch of exercises in layout with different slick UIs and such. I was very surprised by how creative each of these were. They're very fun to go through. And in the end, when it comes to getting a job, this kind of stuff looks way better than "went to school, got this degree".
cheez 2 days ago 0 replies      
Good on you, your progress is amazing. If you want a job, you'll get it.
dataduck 2 days ago 0 replies      
Jennifer, you mentioned you weren't following any kind of course - how did you decide what to build on the next day?
xmmx 2 days ago 0 replies      
I want to learn from your code, but it looks like it's all hidden somewhere?
eagler 2 days ago 0 replies      
Congratulations! I'm impressed how you just got started rather than waiting for "the perfect moment." Your persistence and progress are inspiring. Also, your work doubles as a collection of engaging content ideas for teaching beginning programming :) Thank you!
javadi82 2 days ago 0 replies      
Thanks so much for posting this. This is the most inspiring "show HN" I've seen here.
realrocker 2 days ago 0 replies      
Wow. Unimaginable patience.
zinssmeister 2 days ago 1 reply      
This is pretty cool, but I think spending a bit more time with a bigger project instead of doing 180 small ones would be more beneficial. But maybe her goal is to jump into bigger/long term stuff after the 180 days. Either way, congrats for getting out there and building stuff!
chatmasta 2 days ago 0 replies      
Wow. Impressive dedication, and even more impressive creativity.
tourbillonfunk 2 days ago 0 replies      
Wow, a huge congratulations to you! I'm just starting my journey to become a programmer and am dedicating the same amount of time. Your dedication, patience and work ethic really inspire me! Awesome job on all of your projects.
jaekwon 2 days ago 0 replies      
I tried to splode a bacon bit, but it would not splode. Very disappointed. But love the execution. Good job and keep going!
thejacenxpress 2 days ago 0 replies      
I was leaving the film industry and unemployed for a year. I only did about 4-5 hours a day (had $$ saved) and got far enough to get a great job, but wow. I like that you're not just BS-ing 180 days, but actually challenging yourself.
sanjkris 2 days ago 0 replies      
Just made my middle-school kids' summer break more interesting. If you take all this js knowledge and add android/ios skills, you can increase your hourly fees by 10X. I myself would hire you for my mobile suite of apps.
happypeter 2 days ago 1 reply      
Amazing story, love it. Yes it's all about building wonderful things. I've been doing one screencast per week since 2011, I have to say it's really really lots of fun.
franze 2 days ago 0 replies      
i like day 114 http://jenniferdewalt.com/image_palette/page was looking for an online quick to use color picker just yesterday
jumby 2 days ago 0 replies      
Is fizz buzz broken? A random number is nice, but what if not divisible by 3 or 5 - what do I enter? Example: I got 559.
apathetic 1 day ago 0 replies      
Hi, what day-to-day tools did you use to create these? I wish I did something like this too instead of just playing all day :(
valokafor 2 days ago 0 replies      
Great Jennifer, you have just greatly inspired me. I will get started, maybe do one site a week instead of a day since I have this thing called full time job!

Keep it up

mjhea0 2 days ago 1 reply      
i'd love to hear more about the resources you are utilizing. plus - how do you find time to work on this for 10 hours/day!?
Abundnce10 2 days ago 0 replies      
It looks like the majority of her Github commits are happening during 6pm-12am http://imagebin.org/265513
throwaway3030 2 days ago 0 replies      
I'm a software engineer. I love this style of learning.

However, if the idea of building 180 different websites in 180 days sounds so unappealing to me I actually winced when I read the title, should I find another career? (real question)

I'd rather do the opposite thing, sell my laptop and do 180 drawings or sculptures in 180 days.

sonabinu 2 days ago 0 replies      
This is inspirational ... find time to dedicate to learning something new
amerika_blog 2 days ago 0 replies      
I wouldn't launch this kind of project without some kind of ace up my sleeve.

I'd either prepare it in advance, vamp it all from the "tutorials," or have some backup code somewhere.

That would be necessary to avoid having a mundane interruption cause the project to fail.

gnus 2 days ago 0 replies      
Jennifer, you are just plain amazing. You are my inspiration.
barlet 2 days ago 0 replies      
This is great.
- she is learning to code
- she works hard
- she is creative with her ideas - everyday
- and she is communicating very well - and getting better at it.
shire 2 days ago 0 replies      
Wow this must be really time consuming. Really great work. Inspirational
gabeguz 2 days ago 0 replies      
Wow. This is inspiring. I've been programming for years, and don't think I'd be able to create something new every day for 180 days. Major props.
calebhc 2 days ago 0 replies      
This is so awesome! Thanks for sharing your work. :) I really love the Window Master!
exizt88 2 days ago 0 replies      
Ah, but note that Mondrian uses stripes of varying width -- it adds a lot to the piece. Consider trying to make the width of individual stripes changeable. This might even provide some insight into Mondrian's art.
devgutt 2 days ago 0 replies      
I wish I had time to do similar approach solely to learn new things using HN: Hacker News University.
abinop 2 days ago 0 replies      
Dear Jennifer, something tells me this will be the most difficult of the 180 days. If all this buzz does not distract you, nothing will.
circa 2 days ago 0 replies      
Great job! Will stay tuned for the 65 days left!
atmosx 2 days ago 0 replies      
Congrats, it's amazing what you have achieved.
bobwaycott 2 days ago 0 replies      
This is awesome, Jennifer. Keep up the good work!
ab21 2 days ago 0 replies      
alexdowad 2 days ago 0 replies      
Awesome stuff, Jennifer! Congratulations!
keefe 2 days ago 0 replies      
180 iterations of the same website in 180 days and you have a company :]
austinrory 2 days ago 0 replies      
this is super smart. also, it gives me a good guide for ideas for the sites i want to build as i'm learning to code. THANKS!
tdd1 2 days ago 0 replies      
Cool! That's DEF fun and creative!! :D
vinhnx 1 day ago 0 replies      
Way to go, Jennifer.

Best wishes for you!

akivabamberger 2 days ago 0 replies      
Great idea. Way to go, Jennifer.
progx 2 days ago 0 replies      
Can't wait until Number 180 when you build a complete Web Framework ;-)
maxmem 2 days ago 0 replies      
Who has the time or money to teach yourself to code in 180 days?
marincounty 2 days ago 0 replies      
Stephen King vs. Vladimir Nabokov
rubyclown 2 days ago 0 replies      
It's 180 HTML & Javascript PAGES, not 180 WEBSITES! Big Difference.

Nevertheless, congratulations on your dedication.

smooradian 1 day ago 0 replies      
I have a new hero.
dwdwzzz 1 day ago 0 replies      
i'm curious what kind of tools are you using.
wcy 2 days ago 1 reply      
My plan is to learn how to code by reading the code for 180 of Jennifer Dewalt's websites in 180 days.
RakshaC 2 days ago 0 replies      
Really Wow! Quite inspiring.
ron1986 2 days ago 0 replies      
Great Work! Keep Going !!
maxisnow 2 days ago 0 replies      
How cool! Keep it up!
hydralist 2 days ago 0 replies      
this is inspiring
kavithag 2 days ago 0 replies      
Very inspiring! Keep up the good work!
mrcactu5 2 days ago 0 replies      
lucb1e 2 days ago 0 replies      
I thought you said "websites". You mean pages with a single purpose.

It's a good idea though and you probably learn a lot from it, but I wouldn't say that I'd made 180 websites after completing this.

Obama Promises Disappear from Web sunlightfoundation.com
627 points by 1337biz  1 day ago   148 comments top 30
Buzaga 1 day ago 8 replies      
~Protect Whistleblowers: Often the best source of information about waste, fraud, and abuse in government is an existing government employee committed to public integrity and willing to speak out. Such acts of courage and patriotism, which can sometimes save lives and often save taxpayer dollars, should be encouraged rather than stifled. We need to empower federal employees as watchdogs of wrongdoing and partners in performance. Barack Obama will strengthen whistleblower laws to protect federal workers who expose waste, fraud, and abuse of authority in government. Obama will ensure that federal agencies expedite the process for reviewing whistleblower claims and whistleblowers have full access to courts and due process.~


pvnick 1 day ago 8 replies      
I see this as largely coincidental, and nothing nefarious. If you follow the link from the page to the archived version [1], look among the dozens of subjects, click on Ethics, scroll down to near the bottom of the page, you'll see the single paragraph he's referring to. It makes up for about 0.1% of the total content. It's unlikely the administration took down an entire website just to hide Obama's whistleblower promises.

What's more likely is that, since Hope/Change was the old slogan and "Forward" has replaced it as the new slogan, it's time to take down the old site because it's simply outdated.

C'mon guys let's show a little critical thought and stop looking for conspiracies where they don't exist. It's bad for our credibility. Things are bad enough as it is with the stuff the NSA is actually doing.

[1] http://web.archive.org/web/20130515024407/http://change.gov/...

zdw 1 day ago 1 reply      
One man's terrorist is another man's freedom fighter.

Whistleblowers are frequently viewed by people who disagree with them as whiners, complainers, disgruntled people with axes to grind, and frequently they are all those things, often with nothing more than circumstantial or spurious claims.

Not everyone's a Snowden.

rdtsc 1 day ago 1 reply      
So his supporters are right. He does keep his promises.


By slowly removing the ones he hasn't kept from the list.

ibejoeb 1 day ago 1 reply      
I think this is sensational, but it got me looking around the archive[1], and it's a pretty good read.


Improve Intelligence Capacity and Protect Civil Liberties

* Improve Information Sharing and Analysis: Improve our intelligence system by creating a senior position to coordinate domestic intelligence gathering, establishing a grant program to support thousands more state and local level intelligence analysts, and increasing our capacity to share intelligence across all levels of government.

* Give Real Authority to the Privacy and Civil Liberties Board: Support efforts to strengthen the Privacy and Civil Liberties Board with subpoena powers and reporting responsibilities. Give the Board a robust mandate designed to protect American civil liberties and demand transparency from the Board to ensure accountability.

* Strengthen Institutions to Fight Terrorism: Establish a Shared Security Partnership Program overseas to invest $5 billion over three years to improve cooperation between U.S. and foreign intelligence and law enforcement agencies.


He f'ing nailed 2 of those.

[1] http://web.archive.org/web/20130425003939/http://change.gov/...

ewoodrich 1 day ago 1 reply      
So just to be clear, President Obama's staff took down a transition website that was primarily a link to whitehouse.gov, and this is somehow a scandal because of one of many campaign promises included on the site?

Sure, I guess it could be some sort of conspiracy, but it's equally possible his staff wanted to consolidate web presence. The title on the other hand, implies some direct connection to the whistleblower segment, which has no supporting evidence.

drawkbox 1 day ago 0 replies      
"When one knew that any document was due for destruction... it was an automatic action to lift the flap of the nearest memory hole and drop it in, whereupon it would be whirled away..."
mkr-hn 1 day ago 0 replies      
Regular civics reminder: the Executive is supposed to be the weakest of the three branches of government when it comes to domestic issues. If you want a president who's decent at his/her job (foreign affairs, proposing policy), but don't want him/her meddling with domestic affairs, elect a better congress.

This means actually going out to vote in primaries and main elections at the city, county, state, and federal level. All of these determine how much influence and power the federal government has, and whether or not they're doing a good job.

It's true that finding useful information on most candidates is impossible at the moment, but that's solvable.

gojomo 1 day ago 2 replies      
We have always been at war with whistleblowers.
konklone 1 day ago 2 replies      
This is a simple discovery, but an important one. Change.gov was the President's official transition website, and included a vision for his presidency. It's a central piece of the historical record of the US, and they yanked it from the Internet.

It doesn't matter whether or not the Administration was trying to remove something specific: taking down the content at Change.gov is un-American and un-Internet.

prawn 1 day ago 1 reply      
How likely is it that the pre-pres Obama was as-advertised, but he's now operating with top-level knowledge about the US's place in the power struggles of the world? And that knowledge pushes him to act against some of the friendlier statements he's made in the past?

Could the strength of the US WRT China (for example) be on a knife-edge that warrants the back-pedalling we're seeing?

sehugg 1 day ago 0 replies      
This section of the site has been removed and "revised" before, notably in 2008: http://thecaucus.blogs.nytimes.com/2008/11/18/changes-at-cha...
steve19 1 day ago 2 replies      
Can't someone just file a FOIA request to get a copy of the entire website?

(Just in case archive.org or other archivers missed some of it)

Vivtek 1 day ago 2 replies      
Change I'm forced to believe in.
obtino 1 day ago 1 reply      
Throughout the years of my life I have learned of certain inalienable truths. The fact that politicians are not trust-worthy is one of them.
CamperBob2 1 day ago 0 replies      
Well? He promised "change," didn't he? It changed.
downandout 1 day ago 0 replies      
From NSA to prosecuting reporters for...well...reporting, it is quite clear that one Obama ran for office and a different one actually took office. They are trying to get rid of all the evidence of the many misrepresentations he made in order to get elected, probably so that the next round of Democrats running for office aren't also seen as liars and hypocrites.
6chars 1 day ago 2 replies      
I agree with the first commenter on the link. This is quite a reach. It's unlikely that the order to take down an old, unmaintained site would have come from someone who's in on some sinister agenda to revise history.
christiangenco 1 day ago 0 replies      
All animals are equal, but some animals are more equal than others.
joering2 1 day ago 0 replies      
I wrote about this 31 days ago: https://news.ycombinator.com/item?id=5933806

But is this news surprise to you??

We needs to focus on jobs and middle class and stop wasting time on phony scandals!!

[1] http://dailycaller.com/2013/07/24/obama-repeats-carneys-phon...

This comes after:

- IRS scrutinizing and unconstitutionally profiling people while spending $5MM on "trainings", shutting down operators due to gov cuts while giving contractors 80MM in bonuses? phony scandal!!

- 4 US Officials dead in Benghazi almost 1 year ago, no answers, no credibility (people in charge promoted) phony scandal!!

- 1 US Official dead, hundreds of people dead mostly on Mexico soil after DOJ's Fast And Furious mismanage? phony scandal!!

- DOJ spending time on possible civil lawsuit against Zimmerman, while since the tragedy at least 600 murders done by one race on another in Chicago alone. phony scandal!!

- NSA spying on all Americans and foreigners intercepting all possible traffic illegally unlawfully and unconstitutionally? phony scandal!!

- Solyndra: hundreds of millions given without proper checks to President's friends? phony scandal!!

thret 1 day ago 0 replies      
There's something seriously wrong with the entire political system when every single person here is like 'well yeah, he's a politician'.

Those who seek power are not worthy of that power.

msgilligan 21 hours ago 0 replies      
About this time there occurred a strange incident which hardly anyone was able to understand. One night at about twelve o'clock there was a loud crash in the yard, and the animals rushed out of their stalls. It was a moonlit night. At the foot of the end wall of the big barn, where the Seven Commandments were written, there lay a ladder broken in two pieces. Squealer, temporarily stunned, was sprawling beside it, and near at hand there lay a lantern, a paint-brush, and an overturned pot of white paint. The dogs immediately made a ring round Squealer, and escorted him back to the farmhouse as soon as he was able to walk. None of the animals could form any idea as to what this meant, except old Benjamin, who nodded his muzzle with a knowing air, and seemed to understand, but would say nothing.

-- George Orwell, Animal Farm

mtgx 1 day ago 1 reply      
You know, ending the mass surveilling would be a huge achievement on its own (probably by repealing the Patriot Act and the FISA Amendments Act) - but what I'd really like is to get so much support from the people and the Congress, to eventually impeach him. Now that would remain in history, and would teach future presidents a lesson about overextending themselves with the spying. Obviously people like Alexander, Clapper and Holder would be gone in the next second, too, and the FISA Court disbanded.
kolev 11 hours ago 0 replies      
Just because you deleted your promise from the web, it does not annul it. A man who does not keep his word (regardless of price) is no man, but a [insert the C word here].
thetron 1 day ago 0 replies      
All animals are equal, but some animals are more equal than others.
Allower 1 day ago 0 replies      
If this surprises you well then, you are as dumb as they come
informatimago 20 hours ago 0 replies      
In France we have a saying about politicians' promises: "Les promesses n'engagent que ceux qui les écoutent.", i.e. "Promises are binding only to those who listen to them.". It must be a good thing they try to erase them from the web.


rangibaby 1 day ago 0 replies      
We've always been at war with whistleblowers
AcessoNegado 1 day ago 0 replies      
arcosdev 1 day ago 0 replies      
And that is why you fail.
Google Chromecast google.com
555 points by Zaheer  2 days ago   315 comments top 77
tolmasky 2 days ago 13 replies      
This is exactly what I've been wanting the Apple TV to be for ages. The only thing Apple TV is actually good for is Airplay. There doesn't need to be an OS or a UI for the Apple TV: your phone or tablet will be a better experience for typing and searching for content every time. It's a fool's errand to try to design a UI for a TV that isn't dreadfully painful to use: no one ever wants to interact with something 10 feet away.

This is what the future of TV should be: people should just think of TVs the way they think of their jamboxes: a higher fidelity dumb pipe for their existing content. If Apple turned the Apple TV into an HDMI dongle that solely included AirPlay and included it for free with every iPad and iPhone they sold, it would truly disrupt TV. If I knew for a fact that every new iDevice owner was necessarily an AppleTV owner, I would immediately start making AppleTV-enabled experiences. Overnight the iPad would become a real competitor to game consoles as well.

It just seems so obvious that this is the right way to go. The apps should live on the brain (your device), and the TV should just be an auxiliary screen, nothing more (We certainly don't need YET ANOTHER SDK for writing TV apps). Here's a fun exercise: go to your local Apple Store and ask them what an Apple TV is for today. Then watch them fumble around mentioning "oh if you have Netflix" and "isn't cable hard to use" and just the sheer lack of vision for the product. If it was just AirPlay it would be as easy to explain as an iPod speaker. If they did this, then you could also imagine indie people shipping TV Shows as apps as a viable model for the first time, completely skirting Cable networks.

jcampbell1 2 days ago 11 replies      
> Power cord required (not shown).

What the hell is this about a "power cord". The specs and details are totally not clear. Is this not powered by HDMI? If it requires a power cord, these images are deceptive marketing.

ChikkaChiChi 2 days ago 5 replies      
I think people aren't understanding how awesome this technology is:

1. Every time someone shows you a YouTube video, you spend 10% of your time watching it and the other 90% thinking about that one video you know of that's funnier. With Chromecast, you can queue that sucker up for nexties right from your own phone, without interrupting the video that's currently playing.

2. Chromecast does NOT use the resources of the device used to control the TV for processing...it's done on the dongle itself. This will save battery power, minimize bandwidth consumption, and you can do other things with your phone while watching things on the TV.

3. If it can run Chrome, it can cast to Chromecast. Apple, Microsoft, and Google devices playing together in one ecosystem. No more throwing the babies out with the bathwater.

4. $35.00. Thirty-five dollars for a device that ups the WAF most HTPC nerds have dreamed of for years! I would have bought this at $100!

This is what the Nexus Q was meant to be, but hardware drove the price down dramatically.

I haven't been this excited about a new piece of hardware since the iPhone. This is a game changer.

untog 2 days ago 3 replies      
Worth noting- the $35 Chromecast dongle comes with three months of free Netflix membership (including for existing users), which makes the thing very cheap indeed.
pwthornton 2 days ago 4 replies      
I'm a little confused by this device, and I haven't been able to find the info from Google.

Is it that this device acts like an AirPlay receiver of sorts and accepts a video feed from an approved device or is it that the device simply acts as a remote and the device gets its own stream from Internet sources? The latter is much more intriguing than the former, although both have issues for sure, but hard to complain for the price.

It's an interesting concept either way. I don't see it as a huge threat to the Apple TV or Roku, as both do a lot more and have dedicated controllers. Using an Apple TV with an iPhone is nice in some respects, but the wifi connectivity isn't great. A Bluetooth pairing would be exponentially better. It doesn't appear this device uses Bluetooth either.

As I see it, I could envision having an Apple TV or Roku for a main TV and something like this for another TV or for a computer monitor that can support this.

pyalot2 2 days ago 3 replies      
"Sorry! Devices on Google Play is not available in your country yet. We're working to bring devices to more countries as quickly as possible. Please check back again soon."
ryandvm 2 days ago 0 replies      
I'm curious to see what kind of Chromecast support they build into Google Hangouts.

Right now we have meetings on-site and usually have one person in the meeting running a Hangout on a laptop to communicate with the remote folks. Being able to have a "portal" to all the remote attendees would be awesome.

joosters 2 days ago 0 replies      
What's the privacy policy? Do I need a Google / Youtube account to use it? Just what data is shared with Google? E.g. Will all my viewing habits be stored? Will Google ads on my browser suddenly target me based upon my TV use?
dm8 2 days ago 2 replies      
If it works as advertised, this could be disruptive. They made it dead simple to stream content from any device to your TV. So anyone can use it, particularly the older generation.

Potential for number of apps that could be developed is endless. Apparently, Washington Post is building an app on top of it (http://t.co/dTWesNOoIC). So possibilities are endless. And good news - another step towards making cable TV irrelevant.

P.S. I just bought one. Can't wait to play with its SDK.

darkchasma 2 days ago 1 reply      
Chromecast is not available in your country.

I live in Canada. Apple seems to be able to make this stuff work, why can't anyone else?

rlu 2 days ago 1 reply      
Does anyone know if you can stream non-online videos? Like if I have a video file on my computer and want to play it on my TV, does Chromecast allow for this?
martingordon 2 days ago 1 reply      
It's $35, but it only offers the Airplay receiver functionality of the Apple TV (I don't think it will do display mirroring of computers and Android devices though).

From what I've read (please correct me if I'm wrong), the Chromecast doesn't function as a standalone device. In other words, you need a smartphone/tablet/computer to play things on it. It doesn't have its own interface where you can browse and play content like the Apple TV does.

jscheel 2 days ago 2 replies      
I'm confused. Can it grab and process the stream itself? So, if I pull up netflix on my phone, start a video, then force close netflix, will it still be playing?
smackfu 2 days ago 0 replies      
Makes much more sense as a product than last year's Nexus Q.
amalag 2 days ago 3 replies      
Will this bypass the need for a Hulu Plus subscription for TV watching? Hulu plus allows you to watch Hulu on a big screen device in addition to tablets.
tremendo 2 days ago 3 replies      
Nice, since the Play store says "We are out of inventory. Check back soon." https://play.google.com/store/devices/details?id=chromecast&...

I'm confused about it being USB-powered. Does it need to be plugged to both HDMI and USB at the same time?

Edit: The Buy button forwards to the Play store, where it's "out of inventory". They could change the wording to "Sold Out!" and then brag about that.

edtechdev 2 days ago 1 reply      
This is useful for educational purposes, too - wirelessly streaming from a chrome browser or chromebook to a projector (via hdmi to vga adapter).

(An alternative if you have a laptop connected to the projector is to run AirServer to act as a virtual Apple TV, and then either airplay from your ipad or run AirParrot from a windows tablet. Of course Chromecast will be the first solution to work from android tablets, too, since Miracast solutions still seem to be non-existent or not so great.)

rplacd 2 days ago 1 reply      
The Chrome and Android teams don't seem to be great bedfellows, it seems - it isn't clear to me what demarcates Chrome-branded products from products running Android in areas far from their original targets.
rdl 1 day ago 0 replies      
I wonder how best to use this with a local Plex Media Server. I only really have one projector/ht directly attached to the media server right now, but in a future where I have N TVs throughout the house, it would be nice to have a $35 device on each to stream content. AppleTV support is pretty weak for PMS.

I'd really prefer wired gig-e, though. 802.11n is borderline for a busy network with several video streams. At that point I'd end up running a bunch of separate wifi APs, which raises the cost to where real wired devices start to be cheaper again.

Ricapar 2 days ago 1 reply      
Any word on if I can stream whatever is on my Android screen to this?

There are many times where I have pics on my phone (either via the phone's camera, or Picasa, G+, etc) that I want to show people at home - but there's no easy way to show them without having to pass around a tiny screen.

lnanek2 1 day ago 0 replies      
This doesn't seem much different from the MediaLink HD that HTC has had for over a year now. Although that ran Android and this runs Chrome. Both were capable of talking to NetFlix and other content URLs directly once they got the WiFi information from your device. This helps devices save battery since they don't have to download the data just to resend it, and don't have to transcode anything.

That said the MediaLink HD often had lag issues that kept it more in the realm of presentations and media and made it difficult for real time games. Even for presentations I'd often carry my own WiFi AP around with me or find ways to get it just to connect between the phone and device to avoid them. Home performance is probably better than conference and event performance.

I recently tried a Netgear Miracast adapter to send HDMI from an HTC One and the lag is completely gone. I haven't tried Google's implementation of Chromecast yet, but I'm suspicious it won't be nearly as lag and trouble free as a WiFi Direct only device like the Netgear, though. You have a whole extra OS running device in the chain to make things a pain. So I'm suspicious the extra complexity isn't worth it for this class of devices.

kleiba 1 day ago 0 replies      
With Chromecast, you can easily enjoy your favorite online entertainment on your HDTV - movies, TV shows, music, and more from Netflix, YouTube, Google Play, and Chrome

...as long as you live in North America.

shanselman 2 days ago 0 replies      
It'd be epic if this supported ALL the "AirPlay" type tech...PlayTo, AirPlay, whatever "throw my video up there" formats exist.

I like the price and ordered one, but if it only supports Google's format, that'll be a bummer. I want this for AirPlay.

marcamillion 2 days ago 2 replies      
This is cool....the only thing that is a bit annoying is the fact that the audio won't be 5.1, it will likely be stereo.

I mean, for YouTube videos it doesn't matter.

But if you are streaming a movie or something, then that may be an annoyance.

But that could just be me.

This is assuming that you have a digital audio source plugged directly into your receiver of course, as opposed to your TV.

ambiate 2 days ago 1 reply      
The device has a microUSB port. The microUSB powers the device. The device plugs into the HDMI port. The device requires a microUSB powered cable to operate while plugged in through HDMI.
vinhboy 2 days ago 0 replies      
This is a $35 AppleTV. Well played google.
kayoone 2 days ago 0 replies      
So it seems not to be an actual HDMI receiver that just outputs your device's screen on the TV so that you can do anything with it like playing back movies, playing games on the big screen etc.? That's that, I had hoped it was basically a Miracast receiver. HTC has a similar device called the Media Link HD which does this, it's $90 though but seems to be the way to go for me as I don't want to be limited by what's possible in Chrome.
lotu 2 days ago 3 replies      
Okay maybe this is really obvious, but how do I tell a device with no input which wifi network to connect to and what the password for it is?
mahyarm 2 days ago 1 reply      
They should make a cheaper audio only version for the speakers in your bedroom, etc. Kind of like the airport express. Maybe one with just a stereo jack and one with the same ports as the apple TV.
Rayne 2 days ago 1 reply      
This device is really appealing, but I am extremely disappointed that it can only mirror chrome tabs. I'd be much more interested in this device if they would throw out some native applications to mirror a whole screen like Apple's Airplay can.
majurg 2 days ago 0 replies      
Well, just purchased mine. I was a little peeved that my nexus 7 didn't have HDMI-out, but this device looks perfect.
kayoone 2 days ago 0 replies      
Awesome that it's so affordable. HTC has a similar device called Media Link HD which costs around $90 and I considered buying it. Chromecast all the way :)
jasallen 2 days ago 0 replies      
Google may have just won the game, with an infinitely more simple approach than Apple TV, Xbox, and PS. What disruption is all about. Not a Google fan boy, but bravo.
TomAnthony 2 days ago 0 replies      
Not available in the UK, but given the specs I'm unsure what should prevent it working as is in the UK?
elleferrer 2 days ago 0 replies      
It's powerful, it's cheap ($35 vs $99 for Apple TV) in no time, this device will be on every other tv. Just imagine all that data...this is definitely a game changer. This is awesome.

Here's an article on the Difference Between Chromecast and Google TV (an Interview with Google's SVP of Android, Chrome, and Apps: Sundar Pichai) http://allthingsd.com/20130724/sundar-pichai-on-the-differen...

tjbiddle 2 days ago 0 replies      
Looks like if you refresh enough it will allow you to purchase - Just ordered one. Took a lot less time than the Nexus 4 ordering process ;-)
solnyshok 2 days ago 0 replies      
Some compared this to AppleTV, but I would love to point out sellers of overpriced HDMI cables ($20-60, gold plated bla-bla-bla together with new TV). Also, Samsung sells wifi dongles for their SmartTVs for $60-80 in my country. Hopefully that business will get more reasonable...
zaidmo 2 days ago 1 reply      
I don't understand how you stream content from your device to the Chromecast. My PC has Windows Media Player, my Windows 8 phone has XBox SmartGlass. Would these applications allow you to stream to the TV? I am a bit lost...
dtparr 2 days ago 2 replies      
Has anyone seen anything regarding how setup works? That is, how would I choose an SSID and enter my wifi password since my 'remote' would normally talk to it using wifi?
sergiotapia 2 days ago 1 reply      
Does this work internationally? I mean, it's just a dongle. Can I have a friend purchase it in the US and have it work fine in Bolivia?
tejaswiy 2 days ago 2 replies      
I wish this did a full laptop display mirroring like AirPlay. Looks like this only works with Chrome, so it looks like I can't rent / download a movie on a different service (say iTunes) and play it on my TV.


bostonvaulter2 2 days ago 0 replies      
Did they stop offering the three free months of netflix? I don't see it mentioned anywhere on the page or amazon listing anymore.
umsm 2 days ago 0 replies      
I'll buy this once there is wide adoption. I would like either a Bluray player or VLC to support this.
mrbill 2 days ago 0 replies      
Just bought two - one for each TV in my house. I already have tons of media-streamer devices (TLBB XBMC, Pivos DS, Roku, etc) but they should be nifty.
ctdonath 2 days ago 0 replies      
Any bets on how soon Apple respond by opening the long-rumored AppleTV App Store?
cyanbane 2 days ago 0 replies      
If this works as an access point I wonder what the pairing will consist of and how easy it would be to stream "things" to neighbor's houses.
nausher81 2 days ago 0 replies      
Chromecast chrome extension works on PS3 YouTube App.

I just tried today and noticed, with the Chromecast extension for Chrome (https://chrome.google.com/webstore/detail/google-cast/boadge...) installed.

I am now able to push YouTube videos from my laptop to my PS3 (YouTube App). This makes searching videos just so much easier.

scarlson 2 days ago 1 reply      
At the same price as a Raspberry Pi, why would I want one?

For me, the only benefit I see to the Chromecast is frequent travel for use on hotel televisions. Otherwise, an HTPC is going to provide superior functionality at the same cost.

johnmurch 2 days ago 0 replies      
So it's like an Apple TV where you can push streams from your iOS or Android device (e.g. YouTube) but what about browser/app integration?

I would love to be able to create a "widget" that sits on my tv and has internet. I could think of a ton of things. Like snapchat but for videos .. just saying :)

msoad 2 days ago 1 reply      
What is maximum video bit-rate this can handle? Can this do real 1080 with 7.2 audio?
eloisant 2 days ago 1 reply      
Any doc about what developers have to do to support Chromecast?
etler 2 days ago 1 reply      
I think it's cute how Google checkout pretends they don't already know your home address and phone number. :)
ttflee 2 days ago 0 replies      
I can smell the blood in a niche market.


alpb 2 days ago 1 reply      
Would it work to stream MacBook screen to a TV?

Because the system seems generic and it could bring AirPlay to any TV.

mrbill 2 days ago 1 reply      
Listed, but not yet available to purchase, on Amazon: http://www.amazon.com/gp/product/B00DR0PDNE
sthomas1618 2 days ago 0 replies      
Will I be able to use free Hulu on Chrome through it? If so, this could make subscribing to Hulu Plus unneeded.
induscreep 2 days ago 0 replies      
So it's a portable Apple TV...very interesting to see all that functionality in such a small form factor.

Still, nothing that a 5$ HDMI cable from my PC to TV cannot accomplish.

general_failure 2 days ago 0 replies      
This is a great Roku 3 competitor! Except roku can't play youtube.
teamonkey 2 days ago 0 replies      
Best Buy is listing the model number as "H2G2-42"
jeena 2 days ago 0 replies      
As always I'm not allowed to buy it because I live in Europe (Sweden).
smmnyc 2 days ago 0 replies      
I wonder if this is why Google never released a YouTube channel for roku devices.
mmcclellan 2 days ago 1 reply      
Hmm, this specifically mentions Chrome for Mac and Chrome for Windows. That very well may mean no capability for Linux yet. It also doesn't implicitly say Chrome OS, so maybe Chromebooks won't work either.
YellowRex 2 days ago 1 reply      
So who is writing an app to trigger streaming from a local network file share?
leetreveil 2 days ago 0 replies      
Does anyone want to buy one for me and ship it to the UK? I'll make it worth your while...

Email me: leetreveil@gmail.com

jahmed 2 days ago 0 replies      
So it's a streaming Chrome 2 Phone.
etler 2 days ago 1 reply      
Sorry OUYA. This will play any android game. :)
cpprototypes 2 days ago 1 reply      
The "Buy Now" page has two options now: Google Play and Amazon. If I buy it through Amazon, do I get the 3 months netflix? Or is it only through Google Play?
pawrvx 2 days ago 0 replies      
V2 feature requests:

Support MHL (Power over HDMI)

Windows Chromecast audio driver/chromecast monitor. So any media player can play to Chromecast...
mikeleung 2 days ago 0 replies      
It's available to purchase on Amazon now: http://www.amazon.com/gp/product/B00DR0PDNE/ free shipping with Prime

fyi you can probably still cancel your order on google play store, I cancelled mine 45 mins ago...

wnevets 2 days ago 3 replies      
I already have a "smart tv", what does this give me that I don't already have?
zensavona 2 days ago 0 replies      
As always, not available in Australia...
GoNB 2 days ago 0 replies      
I have a 30" desktop monitor (Dell u3011) that I use as my "television". I can now stream a video from my iPad to my 30". My monitor doesn't have speakers. Can I still listen to audio through headphones connected to my iPad? I'm assuming yes.
subb 2 days ago 2 replies      
As always with Google, you need to ask "What's the marketing strategy behind this? Why are they making this device?"

My guess: Yet another way to consume more media / using Google services.

ampsonic 2 days ago 4 replies      
I wonder how long until they are available on Amazon.
shuri 2 days ago 0 replies      
readysetgo 2 days ago 0 replies      
Oh I thought this was hacker news, not advertising for giant companies that don't need it news.
Why I cancelled my TechEd talks goodenoughsoftware.net
473 points by ohjeez  2 days ago   176 comments top 24
BrentOzar 2 days ago 6 replies      
I've spoken at TechEds in the US and Europe, and been in the top 10 for attendee feedback twice.

I'd never speak at TechEd again, and I told Microsoft the same thing, same reasons. The event staff is overly demanding and inconsiderate of speaker time. They repeatedly dragged me into mandatory virtual and in-person meetings to cover inane details that should have been covered via email. They mandated the color of pants speakers wore. Just ridiculously micromanaged.

danso 2 days ago 1 reply      
What I appreciate about the OP is that he has plenty of reason to get mad, but he also recognizes the failure as a result of systematic flaws: the lack of point people and support staff, for instance. I hope I can show as much reasonability as the OP if I ever get caught in a shitty bureaucratic mix.
sriramk 2 days ago 1 reply      
This is sad because this is the opposite of my pre-Microsoft TechEd experience.

When I was in school, I got asked to do a demo for a Senior VP's keynote at TechEd to demo how a student would use Visual Studio. My parents happened to be in the vicinity and I was chatting with them outside the conference venue when a Microsoft employee walked by and asked who they were. When I told him, he asked me to get them inside so they could watch my talk in the big keynote hall, no passes required. That's the only time my dad has ever seen me speak in public and was a very special moment - it probably influenced how I perceived Microsoft and its employees at a young age.

This particular case smacks of no one with any such decision making authority (basically a full time employee at Microsoft) present there who could help.

singular 2 days ago 1 reply      
I can understand (though find it ridiculous) that they didn't want to give his wife a ticket, but to propose simply leaving her outside the venue alone? What the actual fuck? Was there not a human-based moment of common sense here, or at least marketing sense from Microsoft?

When people behave like that, the umbrella of some corporate behemoth doesn't prevent me from feeling pessimistic about people (both those in question and often generally.) Sigh!

shanselman 2 days ago 2 replies      
This sucks. However it's never been my experience, and I've brought my wife to a half-dozen techeds on three continents. Sounds like systematic misunderstandings that added up into one big mess.

(I've ignored the dress code for 15 years, FWIW)

Stealx 2 days ago 1 reply      
As someone who has exhibited at TechEd before, it's a poorly run event contracted out to the lowest bidder... just like he said.

It's the Microsoft way, their events are a reflection of how Microsoft truly is.

interpol_p 2 days ago 0 replies      
Wow this is horrible. I hope Microsoft does something to rectify this.

I had the complete opposite experience speaking at One More Thing in Australia. The organisers completely took care of my wife and infant son, were constantly on-hand to provide any assistance. They went beyond what I expected.

joshuaellinger 2 days ago 0 replies      
Repeat after me:

    Microsoft 201X is IBM 199X
Then everything starts to make sense: Surface. TechEd. Windows Phone.

ceautery 2 days ago 0 replies      
It sounds like they treated you poorly, and I'm naturally inclined to side with people who would abandon the exposure that a set of TechEd talks would bring in favor of not ignoring his wife, but...

...did you make your wife's inclusion part of the contract? To the folks you dealt with on site, it may have seemed that you were springing something unexpected on them at the last second. "Hey, my wife gets in free to take pictures or I walk."

Yes, it should have been trivial for them to allow that, but is it possible you came off as a bully? I wouldn't have made the same decision as they did, but I can imagine a scenario when bringing up your wife in the 11th hour would have gotten my ire up a little.

edandersen 2 days ago 12 replies      
I don't think they expected him to bring guests to a tech conference. What if he brought his kids as well? Grandma? Free $2000 tickets for all? Remember that the hired guns at these events are not paid to think, just follow orders. He should have got special clearance weeks in advance for free entrance for his family - that's the uncomfortable truth.

He will probably live to regret this as a speaking gig at TechEd as a non-MS employee is not to be sniffed at and now he has shunned the Borg - whom he must be pretty invested in skills wise to be invited in the first place. His wife could have gone and done some sightseeing while he works for a few hours.

alan_cx 2 days ago 1 reply      
Off topic, but I do love his web site.
lnanek2 1 day ago 0 replies      
I've run into some bad situations due to lowest bidder staff at conferences as well. One travel agency agreed to a bulk rate, then started charging everyone full price after the first 5 or so people. Meanwhile there were plane and visa deadlines and the like and they did this while they had visas in hand, preventing people from going elsewhere for travel and still making the trip.
marcamillion 1 day ago 0 replies      
I think this is definitely one of the more reasonable 'rants' I have seen.

I would be hella pissed if this happened to me too.

Thanks for the heads-up. After this, I wouldn't even go to a TechEd much less speak at one - I know that you need to be invited, and I am not being so presumptuous to assume that I would be, just saying that if I were....after hearing this story and MSFT's non-response, I wouldn't entertain it.

lancewiggs 1 day ago 0 replies      
For the antithesis of this: webstock.org.nz
Famous for spending love and effort on speakers.
xutopia 1 day ago 0 replies      
I know a conference that refused to let a pregnant woman in.
lazyant 21 hours ago 0 replies      
OP acted correctly, actually he could have gone to his talk and explained briefly to the attendees why he was leaving.
subsystem 2 days ago 3 replies      
Meh. While they sure could have been more accommodating, 30 minutes before a talk is not the right time to bring up your deal breaking demands.
chadkruse 2 days ago 1 reply      
I wonder how many +1-as-a-service startups we'll see in the next YC batch.
thehme 1 day ago 0 replies      
This conference doesn't seem to be about tech anymore. Glad people are spreading the word, so MS can control & fix the damage. Tech conferences should be cool, interesting, and educational, all regardless of what you wear.
joeevans 2 days ago 0 replies      
Developers! Developers! Developers!
blackprawn 2 days ago 0 replies      
Too bad to hear of your experience. Having stopped MS development 15 years ago I don't miss the way that company treats developers.
ohnjohn 2 days ago 0 replies      
Isn't releasing the detail about the color of pants allowed in breach of some NDA ;)
joeevans 2 days ago 0 replies      
Duh. Microsoft.
Goon 2 days ago 2 replies      
So let me make sure I get this correct - you brought your wife to a conference that it costs nearly $2k to get tickets to and you expected your wife to be able to get in, sans purchasing this ticket. I think your expectations of what you bought are off. Would you expect to get your wife into a movie theater free? A music concert? Unless you worked out special arrangements well in advance how did this even evaluate to a workable situation in your head? Now you rant on HN to get some publicity from the easy to please anti-MS crowd.. can you please post up a "How Go changed my life" article next while we're trolling?
Passive Income Hacker vs Startup Guy mkrecny.com
432 points by mkrecny  1 day ago   243 comments top 53
patio11 1 day ago 5 replies      
The conversation has been known to continue:

SG: "You should join our company as chief growth hacker, since it's a great fit for your skills and experience. You'll work 100 hour weeks. We're thinking $60k a year and 0.5% sounds fair. Come change the way the people $VERB."

PIH: "Where do you get to the part of the sales pitch where I get something out of this deal?"

SG: "Did we mention the free soda?"

(I'm joking... but not by much.)

potatolicious 1 day ago 4 replies      
This post makes me happy :)

> "Worst of all, PIH is probably not trying to make the world a better place through technology."

Don't worry, PIH, Startup Guy isn't either.

There are really two main camps of startup founders I've met. There's the type that really wants to bring a vision to life - they have a pseudo-religious fervor about something, whether it's gaming, transportation, lodging, or something else. They really want to change the world, and it's not just talk.

Then there are ones that are really in it to make money. They want to create a company, exit, and go do what they really want to do. Sit on a beach, roll up to the club in a Rolls Royce, travel, whatever.

It's a sliding scale. Every founder has some balance of being genuinely passionate about what their company does, and the desire to just cash out. All said and done though, the founders I meet tend to lean much further towards the latter than the former.

bpatrianakos 23 hours ago 5 replies      
What a crock. I get that some of this may be tongue in cheek but I really despise this attitude. There's this sort of weird pseudo-religious belief that by virtue of being involved in a startup you're somehow doing the world some great good.

Your new social/local/mobile app isn't world changing no matter what kind of hustler you are, no matter how much hype you put out, no matter how much money you raise. Anyone can be a capitalist for good or bad whether it's exploiting a niche market segment on your own or with a startup.

I believe that regardless of whether you're on your own or do a startup, if your motivation is purely financial you can still do the world great good. Similarly, do-gooders with a grand vision can harm the world. Your stupid little messaging app can connect people from around the world and change the way people communicate (throw in some good crypto and you've done even more good for private comms) or your energy startup that's supposed to change the way we fuel our vehicles and provide clean cheap energy forever can end up doing great harm to the environment or put millions out of jobs as a side effect. These are obviously very hypothetical examples but the point is that there's no "motivation + execution = ethical/unethical success" formula.

There's way too many shades of gray to even be able to consider generalizing like this post does.

ilamont 1 day ago 6 replies      
No, the business is bootstrapped.

Bootstrapping is not a crime.

So you just work out of coffee shops and stuff?

Dumping the office or co-working space saves at least a few thousand dollars per year in rent, and potentially transportation costs and commuting time as well.

He's not funded or seeking funding, he doesn't go to the networking events and hasn't been through an accelerator.

I don't care for these things either. They tend to be time sucks and overly focused on investors.

Look, I am skeptical of those Tim Ferriss apostles whose "passive income" businesses are based on spammy blogs, apps, and affiliate sites. But don't slight startup businesses because their methods of operation don't fit your definition of a startup.

lifeisstillgood 22 hours ago 4 replies      
What is a passive income hacker? All I really understand is someone reading the 4-hour work week, and then writing a fifty-dollar pdf on how to feed blue canaries a vegetarian diet with really long sales letters.

I would quite like five figures a month working from starbucks, so if I am missing a trick let me know

lukeholder 1 day ago 12 replies      
Can anyone identify a few example passive income apps that a single developer has managed to support? I know of bingo card creator, but what are some others?
mhsutton 53 minutes ago 0 replies      
I found this post mildly amusing. It is a terribly simplified and mildly offensive comparison of two sets of objectives. Neither of which are actually right.

Startup is a phase - not a stereotype.
Teams are not essential to either a startup or what you term a PIH. The skills needed for the challenge are. Not the number of people.
Not all startups need nor want outside investment.
Not all startups have an idea that will change the world.
Not all startups need, want or are suitable for accelerators, incubators or other similar vehicles.
Startup is neither better nor worse than a single person building something to improve their livelihood.

Best I can tell, the author equates a startup to what is popular in the press. Young geeks, big rounds of capital raising, buzzwords galore, huge acquisitions and all the hype that goes with it.

I think bunkum like this devalues the efforts of entrepreneurs everywhere and demonstrates such a closed mind in a space where openness is increasingly important.

guard-of-terra 23 hours ago 1 reply      
"Worst of all, PIH is probably not trying to make the world a better place through technology. He's basically exploiting a narrow arbitrage opportunity and is probably either unethical or lazy."

Is this serious? It's epically funny if it is.

Even if PIH is trying to make world a better place, he doesn't have to do that on his "billed" time. He has a lot of time to spare for that.

applecore 1 day ago 10 replies      
Does Passive Income Hacker actually exist, or is this conversation a fantasy?

How many people are there making five figures ($10,000+) in profit a month with their SaaS product? Working by themselves, for only "20 minutes a day", with a full day of product development "every few weeks"?

snoonan 23 hours ago 0 replies      
Ok, I'll speak up as a "PIH". There are a lot of ideas that help people that will never touch VC money or can support a company with all of its overhead. It's not out of laziness. It's how a great programmer should look at all problems -- what here is redundant, manual and gets the most bang for the dev time and CPU cycles?

When you're a team of 1, your I/O bandwidth is almost infinite. If it's all in your brain, you don't have to explain anything, write anything down, have meetings, draw on whiteboards, etc. Your available time to work collapses down to solving specific business problems with every line of code or web page update. Imagine a case where you never have to compromise, argue, make brain dead concessions or spend resources on proving your position. Assuming you are right, and have a good head for business, marketing and writing half-way decent code, you can solve a small problem very efficiently. There are a lot of $20k-200k problems out there to solve that are not worth it for a company of any size to even touch.

ezl 23 hours ago 2 replies      
1. The "unethical or lazy" is what the counterparty says to feel better about their own lives when they're failing. It's human nature to want to believe you're pursuing the best path.

2. I don't understand why people like to draw such a hard distinction. It doesn't upset me that some people prefer sushi to steak. People are entitled to their own lifestyle choices without judgment of those who make alternate choices. This isn't just a software/business/career choice issue. Paleo people love telling everyone else that their diet is the best. Many vegetarians often evangelize to others and imply there are serious moral imperatives at stake. Just because someone isn't doing what you're doing doesn't make them "lazy" or "unethical". On a side note -- I think "pursuing narrow arbitrage opportunities" is often something someone would say with disdain, but that's my flavor.

3. Most startup people aren't particularly making the world a better place anyways.

I'm sure a lot of that is written tongue in cheek, I loved it until the "narrow arbitrage opportunities" and "lazy/unethical" ending.

OldSchool 22 hours ago 0 replies      
Of all income sources, I have to say the passive sort is the most desirable and scalable. You can have as many meaningful hobbies as you want if your bills are paid, unrelated to your participation in commerce.

Sadly, risk-free investment returns have been decimated by 0% funds from the US central bank. We can only hope that we are reaping more rewards through active business as a result, but Fed policy has really punished those who have been financially prudent.

maayank 1 day ago 0 replies      
"But what about dev, marketing, customer service etc?"

"I've automated 95% of the non-dev. The other 5% of non-dev I deal with in about 20 minutes a day. Every few weeks I'll have a big dev day."

Any books/resources with a lot of real world case studies? I'd be very interested to hear many different accounts of such businesses. Here and there you see it on HN, but is there one that has many together?

Dewie 19 hours ago 1 reply      
It is apparent from the comments here that many don't realize that the author is being sarcastic. I wonder what it is about the delivery that this fact isn't obvious enough? Because I think that there has to be something with the article if so many interpret the tone of it incorrectly.
pmelendez 1 day ago 3 replies      
"He's basically exploiting a narrow arbitrage opportunity and is probably either unethical or lazy"

This sentence made me uneasy. I am not good identifying sarcasm so it might be that but... How one would jump into that conclusion without knowing any detail?

On the other hand, lazy is different from being not ambitious. I had several friends like that (not making 5 figures per month though) and I find that is a very legitimate way of life.

superconductor 23 hours ago 4 replies      
I tried doing the passive income thing. I set up dozens of blogs with adsense, amazon affiliate links and sold software.

What happened surprised me: it was soul-crushing. I felt dirty. Turns out that meaningful work is what fulfills me. Making "free" hands-off money doesn't excite or inspire me. Totally a learning experience.

rwalling 21 hours ago 2 replies      
Oh man...he had me until he called thousands of people, many of whom I know personally, "probably either unethical or lazy."

I think we can all agree that there are multiple ways to approach startups.

The misstep Myles makes is to assume that one approach is somehow superior to another, and then take the further step of insulting everyone who is striving for something different than what he sees as the best option.

We all have opinions on this topic, and it's an interesting discussion to have. But let's try to avoid dogma and judgment.

What's right for your unique situation isn't necessarily right for the 100,000 other people with similar ambitions, but who may be in vastly different life situations or just have different goals than you do.

Oh, and call me when you're 40, married with 2 kids and a mortgage, and you're coding Perl for a bank because none of your startups made you the millions that TechCrunch promised.

6ren 23 hours ago 2 replies      
A self-running business seems cool and magical - like creating a living thing... life! But, I think, for truly passive income (meaning it runs itself), he's right that it does have to be some kind of arbitrage opportunity, that will tend to stay around. By definition, it isn't intrinsically interesting or satisfying. But, in itself, there's nothing wrong with that.

OTOH, I'm not saying startup guying is the only solution - just that satisfaction requires ongoing work. Once you complete your startup (for example), you have to find something else to do - another startup, create YC... something. Why not just do what you find satisfying in the first place? It could be a startup. It could be just to make money (e.g. Warren Buffett loves making money). Or it might be something else.

Here's a twee story about a hand-to-mouth fisherman http://www.rinkworks.com/peasoup/richman.shtml

doctorfoo 21 hours ago 0 replies      
Yay, now I have a label for what I am. A passive income hacker. I don't make a lot (maybe $3K / month), but I work only ~half hour a day on my main money spinner, answering support emails. (Plus, maybe a few months solid every year or so on updating the tech.) I designed it so it doesn't have a DB or user account system, to reduce the complexity and make it easier to scale by one person with only certain skills. Users regularly ask for an account system. I don't add it; I have competitors who do have an account system, and there's no way I could compete with them by myself. A certain subset of users appreciate the simplicity of my service.

When users email me support questions, they get a personal response from the guy who made the thing. They probably don't realise either, since most contacts start with "hey X team" or "hey X guys".

Having said that, I do work a full day, on attempting to start other passive incomes, and on more fun things that have less chance of earning. So I'm not quite living a pure passive income dream yet.

arbuge 1 day ago 1 reply      
"He realizes that Passive Income Hacker (PIH) is not a hustler, he's not funded or seeking funding, he doesn't go to the networking events and hasn't been through an accelerator."

This article rubs me wrong. This paragraph really rubs me wrong. If you're good at hustling for customers, you're a hustler where it matters. Funding (non-customer funding i.e), networking events and accelerators are secondary - lots of America's biggest businesses have been built without them.

The "passive income guy" described in the article reminds me of the Plenty of Fish founder by the way. Most "startup guys" would probably kill to be in his position...

richardlblair 1 day ago 3 replies      
Unethical?? HAHAHAHA. PIH supports themselves, and their family. They aren't a drain on the system, and owe nothing.

Realistically, Startup Guy is pissed because his photo sharing website that allows you to apply filters isn't getting traction.

scottmagdalein 23 hours ago 1 reply      
I think he's being ironic.
Hydraulix989 5 hours ago 1 reply      
What's so bad about being "Passive" Income Guy? This guy is out there monetizing with his self-bootstrapped "boring" SaaS that has real customers, while Startup Guy has blown through multiple rounds of investors' money with his quixotic third-pivot "change the world idea" that still hasn't earned a single penny but is being regularly pitched at circle-jerk networking events to the other benchwarmer wantrepreneur spectators banking on some highly improbable IPO. Wait, who did you say was unethical, lazy, and not a hustler again?
galactus 1 day ago 0 replies      
What do we win by promoting these caricatures?
makmanalp 1 day ago 0 replies      
I think it's just such a truism these days that every company has to (often recklessly) aim for massive growth and fund that by selling off the company, that there's just a lot of cognitive dissonance when you present that that's not the only way companies can work.

It's not necessarily all derision, it's just the mind trying to reconcile new information with old.

icedchai 1 day ago 0 replies      
So, PIH has a profitable business. "Startup guy" is a bullshit artist.
10dpd 23 hours ago 0 replies      
As someone whose Twitter account has been suspended as a result of using the OP's "Passive Income" hack, I wish he would spend more time thinking the project.
lovesgreen 1 day ago 1 reply      
Sounds like jealousy. If you can automate the way you get money, you have 23 hrs and 40 minutes a day to do something without any profit motive for true good. Startups, business, and making money don't have to be a religion.

Bill Gates will do more good with the money he made than he did by creating software.

rdouble 23 hours ago 0 replies      
This was like reading an excerpt of the HN version of "Rich Dad, Poor Dad" but with the opposite conclusion.
readme 23 hours ago 1 reply      
>Worst of all, PIH is probably not trying to make the world a better place through technology. He's basically exploiting a narrow arbitrage opportunity and is probably either unethical or lazy.

Is this supposed to be what "startup guy" thinks, or is it also the opinion of the author? Seems like a pretty jarring assumption, if you ask me.

liam_boogar 3 hours ago 0 replies      
The stereotypes are funny, and startups, by nature, will always be filled with a majority of hustlers, but it may also inadvertently lump an entire group of startup founders -past,present and future- into the "SG pile," whom I think don't belong there.

That being said: I think I've heard this conversation and even had it (sadly, from the SG side in my less-educated days), and I think this conversation is intended to force people to ask themselves "am I a poser or do I want money?" which is a false dichotomy.

I'd rather look at people who want to make money by creating value vs. people who want to make money by creating perceived value.

vvpan 21 hours ago 1 reply      
This article is arrogant and pretentious. Come on, it trivializes one side while glorifying the other beyond reasonable. It seems to say that if you work on a startup you are the cool kid, and otherwise you are a loser. Just like high school.
isaacb 14 hours ago 0 replies      
This started out so well and I was hoping it would end along the lines of "different hackers with different goals," but steered way off course to some vitriolic attack on the casual hacker lifestyle.

I think if anything, bootstrapping your product to success is far more respectable than taking large sums of seed funding and potentially throwing it all away when you find that your market doesn't even exist.

nathas 1 day ago 1 reply      
How does one become a passive income hacker?
iblaine 20 hours ago 0 replies      
I have to disagree with this post. Passive Income Hackers are usually hustlers with more street smarts than technical skills. Startup Hackers are the opposite.
rubiquity 22 hours ago 0 replies      
Startup-ers can be some of the most self-important people on the planet. "Passive Income Hacker" is making a living for himself and quite possibly his family as well. There's a lot of nobility in that.
PhasmaFelis 20 hours ago 1 reply      
Huh, are there actually Startup Guys who want to "make the world a better place through technology?" I thought the basic plan was "build and maintain an amazing, indispensable service for exactly long enough to get bought out by Google/Microsoft/Yahoo/Apple, then retire to Tahiti while the new owners fire everyone and ruin the product."

e.g. Siri before Apple: http://www.huffingtonpost.com/2013/01/22/siri-do-engine-appl...

bluekite2000 21 hours ago 0 replies      
I'm a developer in New York. I have a few good engineer friends I met while living in Vietnam. If any of you here happens to have a product that qualifies as a passive income product and need a tech partner let me know.
MitziMoto 20 hours ago 0 replies      
I honestly cannot figure out which guy (PIH or SG) this article is "making fun of" (maybe it's both?). I've read it twice now, and it can kind of go both ways.

Maybe that's the point.

purephase 23 hours ago 3 replies      
I so want to be a PIH. I just can't get enough free time to put my shit together as my day job sucks it all away.
vladmk 22 hours ago 0 replies      
Am I the only one who dislikes this post because of the assumptions it makes on startup founders? Statistically most startups are bootstrapped, this was written by someone who is arguably caught up in the silicon valley hype, you don't need to get funded for everything...Also the other guy has obviously built something called a "lifestyle business" google it if you don't know what that is, the noob startup guy is way too nooby to know what that is. Unless the hacker guy is a hacker and is doing something illegal, I don't see why the conversation should get awkward...
duncanwilcox 23 hours ago 1 reply      
Counterpoint (old but relevant):


The article paints non-startup guys as parasites. That's so needlessly polarizing.

The more common definition of the Passive Income Hacker is "lifestyle business", i.e. a business where you don't seek a 10-100x exit.

Personally I think if all you've done or plan on doing is an app or website, calling it a startup is kind of silly.

sockgrant 22 hours ago 0 replies      
It was a great read, until the end where in the last sentence it was really ambiguous whether he was being sarcastic about "He's basically exploiting a narrow arbitrage opportunity and is probably either unethical or lazy."

Everything was so obviously tongue in cheek until that point.

But, the ambiguity was actually welcome because it forces the reader to wonder and in turn choose their position.

It's a fun read.

jackschultz 1 day ago 1 reply      
So what if startup guy disagrees with the choices of PIH? This is another example of conflicting ideologies, and luckily, no one can do something about it. Imagine if there was a politician who didn't like the approach PIH was taking and worked to ban it because he didn't like it. This seems very farfetched, but there are examples of this happening. The ones that come to mind are the banning of sharing resources, like AirBnB or any ride share program.
allinzen 22 hours ago 0 replies      
As a former passive income hustler turned startup guy - this is so true. What's most important is to be comfortable with what you do regardless of others' opinions. That's the one thing I could do without in start up land. The proselytizing.
brendoncrawford 20 hours ago 0 replies      
Changing the world is the new blinking text, or rounded corners.
joshtronic 17 hours ago 0 replies      
as a PIH and a father, I have to chime in and mention that my lazy & unethical self gets to spend a great deal more [quality] time with the family now that I'm no longer working 24/7 at a startup. sadly, no one ever gets man of the year for being a good parent.
kbenson 21 hours ago 1 reply      
I love how his comments section is hacker news.
chenster 21 hours ago 1 reply      
The last line I suspect is out of utter jealousy.
unlimit 22 hours ago 0 replies      
Loved it, brought a smile to my face. This is exactly what I am trying to do.
wnevets 22 hours ago 0 replies      
I would rather be the PIH, how do I become him?
kennstone 16 hours ago 0 replies      
:D, Get Income invest on your own business, then get customer to make it grow. It must more satisfied then look up for investor :)

Btw you must see in the end, is there FBI or any kind police knock on your door :p

So make sure your business clean!!! Cheers

ivanhoe 20 hours ago 0 replies      
making the world a better place... mostly for themselves, though...
As Feds Demand the Keys, Preparing for the Death of Public-Key Encryption vortex.com
389 points by ColinWright  2 days ago   287 comments top 34
a3_nm 1 day ago 8 replies      
> Public-key cryptography as we know it today may be rapidly approaching the end of its useful lifespan.

No evidence in the article substantiates this bold statement.

- "pressuring major Internet firms to provide their "master" SSL keys for government surveillance purposes": this demonstrates a weakness of centralized public-key infrastructures, it does not follow that public-key cryptography is doomed. (See: web of trust.)

- wiretaps, snooping, etc.: everyone is welcome to grab a copy of the ciphertext, this does not prove that cryptography is futile -- quite the contrary.

- "concerns about the security of widely used cipher algorithms and a range of other associated exploits": vague.

- "it is prudent to at least assume that intelligence agencies around the globe may still be working several steps ahead of public "state of the art" in crypto tech": unfalsifiable.

- "forced the hands of chip manufacturers to include "special goodies" for surveillance purposes": I am willing to fear deliberate plausibly deniable weaknesses on accelerated hardware implementation of crypto primitives, e.g., PRNGs, but it seems very hard to believe that implementations of public-key crypto using general purpose instructions could be somehow identified by the CPU and somehow tampered with in a way which would be non-obvious somehow.

- "when governments really want to target someone, they'll find some way to compromise the associated computers directly -- either through phishing or other malware attacks, or via in-person "black bag" jobs to physically alter systems as they might feel appropriate": humans are the weakest part of cryptosystems, and if they have physical access then they win; nothing new here.

In conclusion:

> I believe it would be fully appropriate for us to be considering alternative methodologies for data protection that are sufficiently outside the existing public-key "box"

Public-key cryptography is a tool. It certainly does not form, in itself, a full "methodology for data protection", but nothing in the article justifies that it has lost any usefulness in its current form.

downandout 1 day ago 7 replies      
This kind of thing makes me think the Snowden disclosures actually emboldened the NSA in some ways. Their nightmare scenario occurred, and nothing happened. Nobody even got fired or "resigned". The public's tepid reaction has brought our nightmare scenario to life - we taught secretive government agencies that they can now do anything they want without fear of public backlash. These kinds of requests can now dramatically increase, with neither judges, politicians, or the NSA itself living in fear of anyone.
johngalt 1 day ago 3 replies      
It's a neat argument that the Feds have.

If you send traffic unencrypted: 'You have no expectation of privacy, because you're broadcasting information publicly.'

Turn on encryption: 'Clearly you have something to hide, and deserve additional scrutiny. It's still not a fourth amendment violation because we are just compelling a business to give us your keys'

thewarrior 1 day ago 2 replies      
Have no doubt about it, this marks the beginning of the end of online privacy. Now that even the U.S. govt is asking for the TLS Certificates there is no country that has the moral high ground on this issue.

I'm from India and when I heard that the Indian government was asking Blackberry for its encryption keys I thought "Hah these people are so ignorant! They don't even know how public key encryption works!!". In hindsight it doesn't look very foolish. In fact they're openly building a surveillance system called CMS which has no checks and balances even on paper. Unfortunately in a country like ours which has so many other pressing issues it isn't a big deal yet.

Recently some governments tried to orchestrate a power grab of the internet via the ITU but it was vetoed by the US. "It's better to let the US govt. have a monopoly on the internet", or so I thought. What with all their constitutional protections and all. Recent developments have shattered my hopes.

The NSA's worst case scenario has already happened. Other than some modest outrage on the internet nothing much has changed. In a sense it shows a tacit acceptance of mass surveillance by most of the public. Hence my opinion that recent events mark a turning point.

With no one having the moral high ground it's quite likely that all world governments and corporations are soon going to come to an agreement on permanent mass surveillance. What then?

rdl 2 days ago 7 replies      
Sounds like not "the death of public key encryption" but the golden age of building technical controls into hardware/software which cannot be subverted by the operator, even in the face of a state agent with a gun.

Assuming the right tech is developed and deployed, this is going to be far better for everyone in a few years. Yes, it will be shitty for a year or two, but by 2020, if we actually have real technical security, it will improve security and trust for end users. Rather than "trust us", it will be "trust us, because...".

wahsd 1 day ago 4 replies      
Something that people have apparently not quite connected is that these developments are incremental steps towards and can already be considered within the spectrum of mind reading. The only reason that a majority of today's people do not recognize the situation as squarely in mind reading territory based on examples from literature and popular culture is that the technical limitations still restrain government, with great frustration.

Although the same heeds of danger did not suffice in the early 20th century, we are facing the same mechanics that led to the world war. We are at a nexus of an ugly transition into the consequences of the information age the same way that humanity would ultimately face demise at the nexus of the consequences of industrialization leading up to the World War, first and second part.

The problem is a generational one; the baby boomer generation, with its industrial age mindset, is incapable of internalizing the consequences of their unprincipled actions.

dasil003 1 day ago 1 reply      
> To be clear, this is not to assert that targeted, justified intercepts should not be possible under appropriate and realistic court supervision.

Why make this disclaimer? To avoid being branded a fringe anarchist?

It seems to me that we should absolutely be building intercept-proof communication privacy to the best of our ability since A) there's no such thing as perfect security and B) anything of importance eventually comes into contact with the real world where governments have immense power and don't need backdoors to do their job.

leef 1 day ago 1 reply      
This article seems to be mostly FUD. Per-session, ephemeral SSL keys are available and are used by at least Google [1], CloudFlare[2], and others.

No keys are stored, no keys can be given to the NSA.

1 - https://www.imperialviolet.org/2011/11/22/forwardsecret.html

2 - http://blog.cloudflare.com/cloudflare-prism-secure-ciphers
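
What a recorded session gives up to someone who later obtains the server's long-term private key, with and without per-session ephemeral keys, shown as an added example that is not part of the original comment or of any project it links to. This is a toy model: the RSA key built from Mersenne primes, the Diffie-Hellman group, the hash-based stream cipher and all function names are assumptions chosen to keep the code self-contained.

```python
"""Toy model of two key exchanges. Constructed parameters, NOT secure."""
import hashlib
import secrets

# Long-term server RSA key, built from two Mersenne primes so the example is
# self-contained (assumption for illustration; real keys use random primes).
RSA_P, RSA_Q = 2**521 - 1, 2**607 - 1
N, E = RSA_P * RSA_Q, 65537
D = pow(E, -1, (RSA_P - 1) * (RSA_Q - 1))  # long-term private exponent

# Toy Diffie-Hellman group (assumption); real deployments use standardized
# groups or elliptic curves.
DH_P, DH_G = 2**521 - 1, 3


def session_key(secret: int) -> bytes:
    """Derive a 32-byte session key from the negotiated secret."""
    return hashlib.sha256(secret.to_bytes(160, "big")).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode XORed with the data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def digest_int(*values: int) -> int:
    """Hash the handshake values to an integer for textbook RSA signing."""
    h = hashlib.sha256()
    for v in values:
        h.update(v.to_bytes(160, "big"))
    return int.from_bytes(h.digest(), "big")


def rsa_key_transport_session(plaintext: bytes) -> dict:
    """Client encrypts a random premaster secret to the server's RSA key.
    Returns only what a passive tap on the wire would record."""
    premaster = secrets.randbelow(N - 2) + 2
    return {
        "kex": "rsa",
        "enc_premaster": pow(premaster, E, N),
        "ciphertext": xor_stream(session_key(premaster), plaintext),
    }


def ephemeral_dh_session(plaintext: bytes) -> dict:
    """Both sides pick fresh DH secrets; the RSA key only signs the exchange.
    Returns only what a passive tap on the wire would record."""
    a = secrets.randbelow(DH_P - 3) + 2  # client ephemeral secret
    b = secrets.randbelow(DH_P - 3) + 2  # server ephemeral secret
    client_pub, server_pub = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    signature = pow(digest_int(client_pub, server_pub), D, N)
    # The client checks the signature with the public key before sending data.
    if pow(signature, E, N) != digest_int(client_pub, server_pub):
        raise ValueError("server signature did not verify")
    shared = pow(server_pub, a, DH_P)  # equals pow(client_pub, b, DH_P)
    # a and b go out of scope when this function returns; nothing keeps them.
    return {
        "kex": "dhe",
        "client_pub": client_pub,
        "server_pub": server_pub,
        "signature": signature,
        "ciphertext": xor_stream(session_key(shared), plaintext),
    }


def recover_from_recording(recording: dict, private_exponent: int):
    """Try to read a recorded session using only the long-term private key."""
    if recording["kex"] == "rsa":
        # The session secret travelled on the wire encrypted to this key.
        premaster = pow(recording["enc_premaster"], private_exponent, N)
        return xor_stream(session_key(premaster), recording["ciphertext"])
    # DHE: the recording holds two public values and a signature. The private
    # exponent can check or produce such signatures, but the session key is
    # derived from g^(ab), and neither a nor b was ever sent or stored.
    return None


if __name__ == "__main__":
    message = b"constructed sample request: GET /inbox"  # constructed input
    for session in (rsa_key_transport_session, ephemeral_dh_session):
        recording = session(message)
        print(recording["kex"], recover_from_recording(recording, D))
```

The long-term key still authenticates the server in the ephemeral case, so whoever holds it can impersonate the server in new sessions, as a later comment in this thread notes; what changes is that sessions already recorded stay unreadable.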

rlpb 2 days ago 3 replies      
A logical conclusion to this is that if/when governments start forcing people to supply them with their private keys, they will also start forcing companies producing encryption software to include backdoors.

At this point, I'm thankful that we have Free Software. With access to the source code, forcing the insertion of a backdoor is futile, since somebody else will fork and remove it. With Free Software, we'll still be capable of running our own encryption in a way that government intrusion will still be detectable by ourselves.

Unless, of course, governments then ban communication about backdoors, or instructions on removing them, or distributing source code altogether.

digitalsushi 2 days ago 1 reply      
The only thing I get really spooked over, is that eventually it gets to a point where the government starts demanding passphrases for hard drives with no hidden encrypted partition.

Am I being paranoid? Someone sensible please dilute my paranoia.

anovikov 2 days ago 1 reply      
Broad solution to all this is building your lives in business in a way government can have a minimal control of. Just do what it requires and keep everything else encrypted and anonymized. And don't rely on government for anything, for we are heading for a world of global government failure: people and institutions are going to ignore and circumvent them all, and make them dysfunctional. In a way, that will be like communism: there is little government can be of help nowadays, and it is more and more becoming a nuisance.
macspoofing 1 day ago 5 replies      
Does the Federal government not understand that this (idiotic) mass scale surveillance is bad for business? All the big American companies generate most of their revenue outside of the US. Majority of the user-bases of the big Silicon Valley tech companies are foreign. This only works if there is a level of trust in the American system and American government. What are they thinking?!?!
mrmekon 2 days ago 0 replies      
And as Feds demand skeleton keys to buildings, prepare for the death of cylinder locks?

Prepare for a change in how we use it, not for its death.

forman00 2 days ago 2 replies      
If anyone's interested in learning more of how you can use the private key of a server to monitor all communications: see, for example, US Pat. 7,543,051

It describes a way to passively/non-intrusively ("invisible to the server") capture and analyze all network traffic using a cable-tap.

Bottom of column 8: "In order to accomplish decryption in a timely manner the secure traffic decryption unit needs the private key of the server. Usually providing the server's private key to another device would be considered a security flaw, since private keys are not meant to be communicated to any other party. But since it may be assumed that usually the server's owner or operator will use the present invention to monitor his/her own server, providing the server's private key to the secure traffic decryption unit does not pose significant security risks."

kenster07 1 day ago 0 replies      
Articles like this miss the main issue.

Privacy rights should not have to be enforced at the public key encryption level.

Before all the sensationalists start going wild, remember that the NSA almost got defunded very recently. That is where the real frontier of this debate should be.

At best, this episode exposes how vulnerable public key encryption is. But let's not go off the reservation.

masswerk 1 day ago 0 replies      
Just a thought: For the better half of the 20th century, i.e. after WWII, Europe has been confronted and living with acts of terrorism from numerous sides (Israeli just after WWII, Palestine, left-wing, right-wing, nationalist, etc, etc) with several severe casualties. Europe's democracies (for the better part at least) stepped back from drastic surveillance measures at will. (Partly because of the example of the Eastern bloc. Look up: Stasi.) It worked anyway.

So: There is no possible deal of security versus freedom as it has been proposed for the last 12 years or so. Sorry. It does not make sense. There is no proportion between the losses of freedom and identity, the investment, and the reported "less than 50 use cases" for the whole surveillance system. Please stop. Immediately.

Just saying, while we are losing digital identity.

cmircea 2 days ago 2 replies      
I treat email in Gmail as publicly accessible, same for almost everything I do on the web casually.

My business data lives in Amsterdam (Azure EU West), critical services we use are based in Europe. At least in my case I couldn't care less if the big US companies handed out SSL keys.

zokier 2 days ago 2 replies      
There is just so much more to public key crypto than public web SSL/TLS.
jasonkolb 1 day ago 1 reply      
If they're not careful they're going to endanger what access they have now. If secure communication as we know it ceases to be actually secure people will start (are now) figuring out how to go around points of failure. Meaning, if they push on this too hard they'll lose their ability to listen in on targeted communication because people will have more faith in unsigned than signed keys.

All it takes is one leak of this data to throw the entire idea of "gimme your private key" requests into the domain of F###ing horrible ideas.

teeja 1 day ago 0 replies      
The whole cert structure has always been a house of cards. As evidenced last year, e.g, with the Turkish provider ...

Since I first looked through the original Netscape, I've never had -any- reason to put so much trust in the hands of these Blue-Ribbon names. Or any ISP, for that matter. If US intelligence goes through with this, then only end-to-end (which has been deliberately stalled off and roadblocked and stonewalled for decades) will be left.

At that point we'll find out just how much power we've left to defend the privacy of our communications, our relationships, our finances and our movements. The Cryptocat guy may yet become a legend... or someone like him.

niels_olson 2 days ago 0 replies      
Due to the nature of SCI compartmentalization, I suspect that if this happens, they're going to end up in something like symlink hell, where some FDA inspector in Kansas has root on Facebook via 4 degrees of ssl certificates.
tallpapab 1 day ago 2 replies      
Please forgive my rudimentary (and possibly erroneous) understanding. There are three things important to public-key encryption. The public key, the private key (together called the key pair) and a certificate. If I understand it the cert is just to give confidence that you have the correct public key. So the NSA having access to the cert is a non issue as everyone has access to same. That's its purpose in life. Also the public key is publicly available or the system wouldn't work. The only sensitive things are the private keys. Is this right so far? If I want to encrypt a message to someone I need to use that person's public key. I use the cert to make sure I have the right one. Now the message can only be decrypted with the private key. So how can the NSA decrypt such a message? They would need the private key. The ISP doesn't have it. Even if they have the private key don't they need a pass phrase to use it?

Not sure how the above applies to https or to ssh. Still, in both cases I don't think access to the cert breaks things. Indeed access to it and the public keys are essential to it working at all. (I guess one can operate without the cert too if you trust the source.)

Mordor 1 day ago 0 replies      
Any country with secret laws and secret courts cannot be trusted, so it's only the death of US encryption (chips, software, hosting and services).
cantankerous 1 day ago 0 replies      
Really, this article is silly. SSL keys will remain useful for authentication. If you want to make sure nobody's got the master key, just do a double-Diffie-Hellman and you're square...provided the person snooping on the master key isn't trying to use it to MITM you. That's a whole other bear entirely, though.
chris_mahan 1 day ago 2 replies      
The only defense against government snooping is air gap. Don't connect your stuff to the Internet.
tallpapab 1 day ago 1 reply      
All this increased digital surveillance comes at a time when the US Post Office is under artificial financial pressure. Just last night the news reported a plan to eliminate direct delivery to the door in favor of some sort of community mail box facilities. Interesting coincidence that physical letters (whose contents are still protected by federal statute) are being discouraged while unprotected content is being collected.
acd 1 day ago 0 replies      
Maybe we should not trust central key emitting authorities but each other and our friends instead. For e.g. the government could run shadow CAs which normally perform their duties but at demand provide MITM certificates for them.
ptaffs 1 day ago 0 replies      
The monitoring program is costing an awful lot of money, the data centers could be doing real work streamlining government processes and making the administration more efficient. We know governments, corporates, sys admins will snoop and should be objecting to our tax being used for a probably useless effort to process this raw data. Discuss tax rather than privacy, everyone cares more about that.
Yourfags 1 day ago 0 replies      
Technology changes and so does the world, whether we like it or not. The question is always, who will come out on top

I'm not really trying to be snide, but it really is an issue that's been sort of hanging around since before I was born (1980s): who's going to control the internet and how, and whoever does is probably going to have a lot of power

aidenn0 1 day ago 0 replies      
Didn't moxie marlinspike have an idea for replacing the current SSL trust chain?
diydsp 2 days ago 0 replies      
As Feds hire contractors to do this work, the work will leak out of the contractors' hands into the hands of those with money, such as foreign organized identity thieves. It's not just about hiding furry porn from the "Murican Gubmint," but about protecting our financial info from foreign thieves.
jensC 1 day ago 0 replies      
Arrrg! Forget about the cloud. I'll host my servers at home, unplug them at night and watch my log files over the day :)
mtgx 2 days ago 5 replies      
Why can't PFS be a solution for this?
jokoon 1 day ago 0 replies      
well no one has to obey them.

why so much fuss about it ?

New Course: The Design of Everyday Things udacity.com
344 points by dpatru  2 days ago   55 comments top 15
millerm 2 days ago 4 replies      
The "Design of Everyday Things" is probably one of the best books I have ever read on design. It's poignant for any designer of anything a human interacts with. Even though this book doesn't touch computer interaction it's completely relevant. Bonus: everyone you know who reads this book, or takes this course, will annoy you a little with the overuse of their wonderful new word "affordance". :-)
kjhughes 2 days ago 2 replies      
The quality of Udacity courses combined with an updated "Design of Everyday Things" plus Don Norman's direct involvement makes this course sound very attractive. The Udacity "Introduction to Computer Science" course by David Evans, by the way, is excellent. It is the one that I chose for my sons to take online this summer. I liked the balance it provided between pragmatic programming (Python exercises completed and evaluated in-browser) and CS fundamentals (BNF introduced in first lesson, for example). This new design course may have to be next on their list.
jpatokal 2 days ago 5 replies      
In case the name doesn't ring a bell, The Design of Everyday Things is an extremely readable introduction to usability, and an absolute classic in its field:


You'll never look at a door the same way again... particularly if it has a handle but still expects to be pushed open.

maaaats 2 days ago 2 replies      
It's so weird seeing prices on courses, coming from Europe. With that said, I've taken a course heavily based on this book. It is mandatory for all comp. sci. students at my Uni. Many didn't like it, being too "soft" when they wanted to hack, and complaining that "most of it is sooo obvious". And yes, it may be obvious when spelled out, but far too often overlooked and forgotten. I quite liked it.
ThomPete 2 days ago 1 reply      
I don't understand why you would want to take a course with that book. What on earth do people expect to get out of that they can't get from reading the book?

Don't get me wrong, it's a great book, but it's popular because it's easy to understand, not because it necessarily contains actionable insights or complex issues that require a course to unveil.

lovskogen 2 days ago 3 replies      
Don Norman has just released a new version of this book; seems like a smart move to do a course.
msvan 2 days ago 0 replies      
It's interesting how many design links pop up here. I came here with a technical background and developed an interest for entrepreneurship reading HN, and I think that in the same way a design interest develops in those who are already sold on the idea of doing a startup. It'll be interesting to see what collective interest will develop here after design has become a core part of the "HN mentality".
swamp40 1 day ago 0 replies      
Another great quote from the book:

The same technology that simplifies life by providing more functions in each device also complicates life by making the device harder to learn, harder to use. This is the paradox of technology.

The paradox of technology should never be used as an excuse for poor design.

~ The Design of Everyday Things by Don Norman

drcube 1 day ago 0 replies      
I've never read this book but of course now I have to.

I'll suggest reading Henry Petroski's stuff, too. "The Evolution of Useful Things", "The Pencil: A History of Design and Circumstance", and "To Engineer is Human" all make the case that the design of things around us are shaped less by insight and more by evolution, incrementally building on the mistakes of the past.

If "The Design of Everyday Things" is half as interesting as Petroski's books, I can't wait to read it.

mathattack 2 days ago 0 replies      
I used to give this book away to all my employees who were involved in GUI design. It is great about respecting and understanding your users, even if on the surface it's about door handles.

I wonder how this will play into Udacity, as I view it more as a platform for short quizzes and testing via code. This is more a book on conceptual understanding.

cgag 1 day ago 0 replies      
It's strangely hard to do, but I'll go ahead and admit I found the first couple chapters incredibly dull and put this book down.
lnanek2 2 days ago 3 replies      
Don't bother trying to sign up, after they get you to make an account they tell you:

> The Design of Everyday Things

> We're still making this course but we'll let you know when it's ready!

Pretty annoying it gave me the option of Google/Facebook login, then made me fill out information anyway. The whole reason I picked Google to login is because I don't want to fill out a registration form for site number 1000.

sc00ter 1 day ago 0 replies      
Wonderful book, but if Norman is updating it, I really hope he drops the 'POET' backronym. It was contrived and awkward, and its repeated inclusion seemed more like a slight to the publisher who changed the name from Psychology Of Everyday Things to its more approachable name.
jfb 2 days ago 0 replies      
It will be interesting to see how the course is designed, given that nobody has yet to really figure out the design and pedagogy of online teaching. It'd probably be worth checking this out.
krmmalik 1 day ago 0 replies      
Has anyone had any luck signing into the udacity course on their ipad using either facebook or google login? My attempts keep resulting in a blank white screen.
Porting dl.google.com from C++ to Go golang.org
342 points by swah  18 hours ago   95 comments top 17
STRML 3 hours ago 0 replies      
Maybe I'm showing my allegiance to my platform of choice, but the subtle dig on nodejs wasn't warranted on slide 25 (http://talks.golang.org/2013/oscon-dl.slide#25). As everyone's pal `substack` will tell you, use streams! Instead of explicit buffering, handling backpressure, etc., it's as simple as:


Additionally the link to `http-proxy` on slide 30 is misleading; 60% of that file is comments, and about 50% of what's left is websocket support, with the rest being header parsing & redirect parsing. The actual proxying bit is very simple and straightforward, and if you don't need every feature `http-proxy` offers you can do it yourself with streams in < 10 lines.

skriticos2 17 hours ago 6 replies      
So what I take from this is that the previous implementation sustained a huge amount of code rot and new code got layered over it with a staple instead of proper refactoring.

So he put the whole mess in a bin and re-done it cleanly with Go. Now it's much nicer. Some of Go's attributes helped along the way.

Did I miss something?

packetslave 18 hours ago 1 reply      
See also https://github.com/golang/groupcache for the peer-to-peer memcached replacement mentioned in the slides.
JulianMorrison 17 hours ago 1 reply      
What this actually means: groupcache is awesome. You just act as if the cache is full, and if it isn't, it will be. Where did the data come from? That's pluggable. And no concern of the part that just serves it up. Very subtle, very nice.
joebo 17 hours ago 5 replies      
I don't understand the need for the payload server from the slides. That makes me wonder - why not just use a HTTP server to serve the static files (e.g. nginx)? I'm sure I'm missing the obvious, but I'm probably not the only person wondering it.
fizx 17 hours ago 1 reply      
How does groupcache handle consensus?

Edit: Scanned the source, looks like a best-effort distributed lock, rather than any sort of consensus protocol. This works for a cache setting, where e.g. having a split-brain scenario and duplicating the work is no big deal.

hosay123 17 hours ago 3 replies      
Either I'm having deja vu, or despite the date on the presentation, this is at least a year or two old
azth 13 hours ago 1 reply      
Pretty disingenuous on slide 58 to attempt to make the Go code look shorter than it actually is. Note how he left out all the verbose error checking code.
e98cuenc 18 hours ago 2 replies      
These slides are practically unreadable in an iPhone. They are split in half and it's impossible to get a full page on the screen (I can only see the right half of the previous slide and the left half of the next slide).

Anybody has an alternative to read these slides? The content itself seems quite interesting

__Joker 1 hour ago 0 replies      
I still don't understand why google does not give option to download via torrent ? Downloading android studio from dl.google.com last week over a slow connection was a horrible experience. I had to retry three times before I managed to get a successful download.
YZF 17 hours ago 2 replies      
Interesting story. Is this a "port" or a "rewrite from scratch"? It's kind of hard to tell.
codereflection 17 hours ago 0 replies      
I don't remember where I saw this, but somewhere, someone from Google said that all of their code changes every 5 to 6 months (or some reasonably short amount of time). That clearly sounded... optimistic at best. It's nice to see that even companies like Google have 5 year old code that is legacy and causing problems.
_random_ 3 hours ago 1 reply      
It seems that Go is a good replacement for Python as well?
godbolev 12 hours ago 0 replies      
Does anyone have a link to the video?
c0rtex 15 hours ago 1 reply      
Aside: Does anyone know how these slides are generated?
CoryG89 18 hours ago 2 replies      
too long... ?
IzzyMurad 18 hours ago 3 replies      
Too many Google employees in Hacker News trying to advocate Go...
UK Porn Filter Will Censor Other Content Too, ISPs Reveal torrentfreak.com
335 points by llambda  1 day ago   164 comments top 46
InclinedPlane 1 day ago 7 replies      
This deserves a lot more of a response but for now I'll just leave this:

Liberty is about the ability of the individual to do things that others disapprove of. You don't need liberty if everyone else approves of your actions. As a corollary, the exercise of liberty does not require a justification, because it's a liberty, practicality or "usefulness" or what-have-you play no part in it. It's onerous to require someone to justify their right to look at porn. It's even more onerous to ask people to put their name on a list as someone who desires the ability to look at porn. And indeed this is how freedoms are eroded. Because once you put things on a different footing and you require people to justify their freedoms then it becomes ever more difficult to justify anything. Can you justify eating a cheap, greasy cheeseburger? Can you justify watching "Jersey Shore"? Are you willing to?

These are precisely the same sorts of tactics that have been used since the dawn of time for busybodies to rein in individual freedoms of others, and thereby to obtain greater authority over others.

People often dismiss out of hand the notion that tyranny could possibly take hold over the first world democracies of the west in the 21st century. And to that I can only sigh. Perhaps it will not be known as tyranny, perhaps someone will come up with a different, more apt name once (if) we are in the clutches of it, but it will be every bit as bad and every bit as difficult to throw off, if not more so.

ferdo 22 hours ago 2 replies      
Sorry for the 19th century text wall, but this is so pertinent that it hurts.

"Next in importance to personal freedom is immunity from suspicions, and jealous observation. Men may be without restraints upon their liberty: they may pass to and fro at pleasure: but if their steps are tracked by spies and informers, their words noted down for crimination, their associates watched as conspirators, who shall say that they are free? Nothing is more revolting to Englishmen than the espionage which forms part of the administrative system of continental despotisms. It haunts men like an evil genius, chills their gaiety, restrains their wit, casts a shadow over their friendships, and blights their domestic hearth.

The freedom of a country may be measured by its immunity from this baleful agency. Rulers who distrust their own people, must govern in a spirit of absolutism; and suspected subjects will be ever sensible of their bondage."

The Constitutional History Of England Vol II (1863), pg. 288

by T. E. May


Nursie 1 day ago 2 replies      
Well DUH!

Some of the politicians like to say it'll be the same sort of system that's on mobile phones here. These have two characteristics -

  1. The filter is full of holes
  2. What's blocked is pretty arbitrary

For instance, I was at a music festival last year (Beautiful Days), and access to the online site map and festival schedule was blocked as 'adult' content. The festival itself was full of kids and teenagers (brought along by their parents) for whom the info would have been useful. To get around it, I installed Orbot (Tor for android), because they only care about censoring the web.

rsync 22 hours ago 0 replies      
2010-2012 may well have been "peak internet".

Three years ago, or so, I was thinking about[1] the idea that we may have been witnessing something akin to peak oil, or peak credit.

At that time I was discussing it in terms of network fragmentation and net neutrality ... but a collection of different censorship regimes around the world degrades it[2] just as well...

[1] http://blog.kozubik.com/john_kozubik/2010/12/peak-internet.h...

[2] "it" being the "homogenous, globally routed Internet as we have known it."

EGreg 1 day ago 0 replies      
First they criticize the Great Firewall of China. Then they start building it themselves. And who better than a Chinese network operator to do it? After all:

"The Public Pledge on Self-Discipline for the Chinese Internet Industry is an agreement between the Chinese internet industry regulator and companies that operate sites in China. In signing the agreement, web companies are pledging to identify and prevent the transmission of information that Chinese authorities deem objectionable, including information that breaks laws or spreads superstition or obscenity, or that may jeopardize state security and disrupt social stability."

-From Wikipedia

Shish2k 1 day ago 1 reply      
A possible silver lining - if you're against the filters that currently exist (blocking child porn), someone might infer you're a paedophile, which would be bad for you. If you opt out of porn filters, you'll go down on a list of people who want porn. If you opt out of everything-filters, the only thing that can really be implied is that you want access to something, which is somewhat less easy to blackmail with.
glesica 1 day ago 0 replies      
Which is, of course, an excellent reason such projects should never be tolerated in the first place. Government-mandated filters simply should not exist. Full stop. It's an easy question: Does the law in question require that access to publicly-available information be blocked in any way? If yes, then it is a bad law.
markbao 1 day ago 4 replies      
The terrifying reality of censorship, as told through the lens of that of China:

"I knew of some Chinese migrants to Australia who watched a Tiananmen 10-year anniversary documentary, and apparently tears just streamed down their faces.

They had no clue that it ever happened."

Tyrannosaurs 1 day ago 1 reply      
I'd like to see some direct information on what was actually said by the ISPs and where it's come from. This article is a lot of speculation based on a statement that they've said something and then an existing service offered by one ISP. Clearly they're not going to block games and dating sites which this service does so it's not clear why we should assume that it's any sort of useful template for what's proposed.

ISPs have a stated objection to these proposals (if only because they understand what's really involved) and it feels to me a little like this could just be spin from their camp. Suggesting that this is the start of wider censorship would certainly be a way of pushing the public against it which would suit the ISPs' cause.

None of which is to say that what they're saying is wrong or that it's good bad or indifferent, just that my reading of the article is that it doesn't really have much to support its claims.

All that said we know for sure that the proposals will block things other than porn if only because it's almost impossible to accurately define porn or build a perfect filter for it based on whatever definition you have. There will be false positives and negatives both in terms of definition and implementation, meaning that stuff will absolutely be restricted which shouldn't be (and let through when it should). Good luck running an on-line site such as Ann Summers or Agent Provocateur, even when you're allowed shops in the high street.

whamill 21 hours ago 0 replies      
There are two aspects to the current debate:

- The 'child porn keyword' web search filter mandated on all UK ISPs with no opt-in or opt-out
- The 'opt-out porn block' which will be applied to all internet connections, from which people can opt-out in order to receive unfiltered results.

The first part hasn't received as much attention because it's harder to write a punchy article about the malicious nature of a government-supplied permanent search filter blacklist, and it isn't as easy to attack as the blocking of legal content such as pornography but this is where the real danger lies.

Once the government add all their 'illegal search terms' to the blacklist and have the apparatus for such wide-ranging censorship set up, what is to stop them from adding terms unchecked and unguided to filter any "unwanted" material from web searches? If this had existed in the US, for example, when the NSA Verizon/PRISM stories were leaked, how easy would it be for them to simply add "Edward Snowden" or "The Guardian" or "PRISM" or even "NSA" to the search term blacklist? They would easily justify it on the grounds that the material leaked was classified or damaging to national security.

At this stage a majority of people would in hindsight agree that this leak is hugely important and in the public interest, but if these terms were blocked by the government then what?

smnrchrds 17 hours ago 0 replies      
When widespread Internet censorship started in Iran, they promised it will only be used for porn. Being a religious country, no one protested. I don't say everyone agreed, but because of all the stigma attached to porn, no one said a word or lifted a finger. What started as a porn-only filtering system expanded exponentially. Little by little, the number of unavailable websites grew. Nowadays, most of the internet is inaccessible from Iran. To name a few instances:

YouTube, Vimeo and all other video-sharing websites
Flickr, imgur and all other photo-sharing websites
WordPress, Blogger and all other blogging platforms (and every blog on them)
Facebook, Google+ and all other social networks
BBC, CNN, NPR and almost all foreign news agencies
...

And also HTTPS rarely works. They have limited the HTTPS bandwidth so much it's impossible to use Gmail without a headache, in an effort to encourage everyone to disable it, thus making it easier for surveillance.

Dear British friends, it's a slippery slope. Don't let the same thing happen to you.

Fuxy 1 day ago 4 replies      
There's no feasible way of blocking circumvention tools without causing massive collateral damage.

If they block SSH tunnels for instance no sysadmin will be able to do their job. Same for VPN. A lot of people work remotely.

I will laugh my ass off if they try to do that.

At the same time I won't be able to access my VPS anymore :(

x0054 23 hours ago 2 replies      
In my previous line of work, as a criminal lawyer, this is how this would be used:

Q: "Mr Smith, isn't it true that you willingly removed a filter on your Internet connection, placed there for your safety, and the safety of your children, and now your connection allows you to watch hard core porn?"

A: "But... I did it because.."

Q: "Yes or no, Mr. Smith? Did you ask for the filters to be removed?"

A: "Yes, bu..."

Q: "Thank you, Mr. Smith."

varmais 1 day ago 2 replies      
There was a debate in Finland when the child porn filter was introduced a few years back. One guy had a website where he kept database of sites which were blocked but did not contain any child porn. Aftermath was that the site was added to list and that raised even more questions about the whole censorship idea. (http://en.wikipedia.org/wiki/Lapsiporno.info)

Unlike in Britain, the consumers did not have an option to opt out from the filter although it seems that majority of ISPs don't use it. Later on ISPs were forced to block piratebay.org and there have been discussions about blocking online poker sites etc, because Veikkaus enjoys monopoly in gambling and betting business in Finland.

javajosh 23 hours ago 2 replies      
You know what would make a lot of sense? Install these filters on every new device sold in the UK. Make them configurable, and even uninstallable, but defaulting to "blocked". That way if and when people choose to unblock something, it's a private matter between them and their device.

This achieves both the stated goal of protecting people from malicious content, and the freedom of people to consume malicious content, if they want to, in private.

nodata 1 day ago 1 reply      
It turns out that the slope was very slippery indeed.
mcintyre1994 1 day ago 0 replies      
Absolutely no way they'll ship with social networking blocked by default, it'll be dead on arrival. Every household will want social networking, and will enable that if they just skip through and realise they can't get to Facebook. Once they do that the whole system's pointless unless people actually see some benefit.
dcc1 1 day ago 3 replies      
Us hackers need to make a new "web", a web where censorship is not possible and everything is encrypted, a "web" with no single points of failure, a "web" where domains can't be snatched or censored, a "web" like the web used to be :(
triangle 1 day ago 1 reply      
If you live in the UK, please consider signing the petition to stop the filters: https://submissions.epetitions.direct.gov.uk/petitions/51746.

At the moment, it's sadly languishing at a mere 21,000 signatures. If it reaches 100,000 then that should trigger a parliamentary debate. I'm also going to send an email to my local MP. Does anyone have any other ideas for fighting this censorship?

w_t_payne 1 day ago 1 reply      
Let's see which way the wind is blowing .... hmmm... I sense an opportunity for profit!

I think that I will create a business to develop technology that lets us block undesirable thoughts. We will use an EEG cap as the sensor, some machine learning to detect undesirable thoughts, then a bone-conduction speaker to play distracting and disorienting sounds whenever our detector is triggered.


Do you think I could get some government funding for this?

frobozz 1 day ago 0 replies      
Pope is Catholic, Vatican reveals.
cle 23 hours ago 0 replies      
I can only interpret this as a power grab. This is not a sensible solution, it's an opportunistic solution.

I think many people in modern society don't understand the power of data. The NSA scandal has shown how much people underestimate the power companies can have when they own everyone's data. And similarly, they underestimate the power that a government can have when it owns everyone's data.

We need to do a better job of showing the lay person how much they're underestimating the value of their data, and how much power the data aggregators have.

nutmeg 1 day ago 1 reply      
If the concern is actually about enabling people to restrict what their children see, why not create and distribute a free, open-source software package that citizens can run on their own?

Obviously the question is rhetorical, but I'd like to see someone ask it.

majke 1 day ago 1 reply      
I tried to look it up, but UK's law is still a mystery for me. Can someone help: what is a definition of ISP in the UK?

Especially: is a VPN provider an ISP?

Additionally, what definition of ISP is used in Mr Cameron's proposal?

buro9 23 hours ago 0 replies      
HN users in the UK should note: The default blocked items includes "web forums", potentially including HN.

You would have to opt-in to viewing such content as the default has you opted-out along with porn, violent material, extremist and terrorist related content.

huherto 1 day ago 0 replies      
At least to me, the big problem with porn is that it can raise your thresholds of excitement, make you insensitive, and you can even become an addict. But our kids will (hopefully) live in a world where porn is prevalent. We should teach them (at the appropriate age) that it is something that they can enjoy but should be careful not to abuse it.

Anyway, the idea of getting the government involved on blocking porn (or anything) is really bad. I'd rather live in a world where we have to teach our children to be responsible than in a world where the government decides what they can and what they cannot see.

pavanred 23 hours ago 0 replies      
This is probably a long shot but I was wondering if eventually this censoring functionality can be used to draw boundaries over the internet. Once you have the infrastructure in place to censor then there's very little needed to extend the filters to censor other content.

For instance, nationalize the internet, perhaps block services from companies from other countries or tax such services to promote indigenous companies that provide similar services. The reasoning can be why not promote local businesses and provide them incentives by taxing or levying duties on services from other countries instead of letting a company from some other country making all the profits.

edit : typo

dobbsbob 23 hours ago 0 replies      
This filter is for the coming austerity cuts Cameron is about to roll out. He saw what happened in other countries and took a preemptive measure to be able to filter Twitter and other online protest organizing during times of "national security".
reidrac 1 day ago 0 replies      
I don't know how things are going to change but I ordered Talk Talk a couple of days ago and they only ask you if you want content filter and antivirus filter on; whatever you choose they say you can customise it later in your control panel.

So far I like what I have seen. I just don't want any filter, thanks, and I didn't have to say why (ie. porn or anything else).

fastball 1 day ago 1 reply      
So what are the speculations on circumvention?

Would an unblocked proxy suffice, or do we think UK internet users would need to purchase a VPN?

Also, is the idea to block porn sites, or any site that contains pornographic content, like NSFW subreddits?

ollysb 23 hours ago 0 replies      
The whole thing comes a bit unstuck when you realise that BT has had a system in place that allows parents to protect their children for years. The new approach doesn't seem to provide any benefits but succeeds in pissing off a great number of users.
cmircea 20 hours ago 0 replies      
I don't understand one thing: how will this filter actually work?

Say I use Google or Bing or whatever over SSL. All traffic is encrypted end-to-end. How will the ISPs know I am searching for a forbidden term? Are they going to request a CA to issue certificates for google.com to ISPs?

ollysb 23 hours ago 1 reply      
Slightly tin-foil, but any thoughts on the timing of this story? The intersection between those talking about the NSA and those that will be angered by the introduction of internet censorship is pretty perfect.
nly 23 hours ago 0 replies      
Anyone know if Tim Berners-Lee has come out to say anything about this?

I believe he's expressed views in favour of net neutrality and against censorship in the past. With his participation in the Olympic ceremony perhaps, if he were to get in the news, the public would pay some attention.

xedarius 1 day ago 0 replies      
If you have a problem with what your children are exposed to lock them in a box, not the internet.
spdy 1 day ago 0 replies      
The state nanny approach to internet censorship.
cLeEOGPw 1 day ago 1 reply      
If the block itself is only a technical measure, it only boosts alternative access methods. But if they make it illegal to do things like watch porn or download torrents without government permission, like they do now with the requirement to hand over private encryption keys to the officials who require them, then GB will become worse than China in the freedom of information flow aspect.
coldcode 1 day ago 0 replies      
If everything goes through a filter then anything can be tapped and recorded as well.
diminoten 1 day ago 1 reply      
The Internet interprets censorship as damage and routes around it. $5/month VPN subscriptions will come with routers, pre-configured.
worksaf 1 day ago 0 replies      
So basically it's a business deal between Huawei and the UK and they're using the angle of "Think of the children" to sell the idea.
runarberg 21 hours ago 0 replies      
The internet filter at the café I'm connected to at the moment (Stofan in Reykjavík, I'm sure some of you know the place) actually blocked me [following this link](http://www.siminn.is/lokad-a-sidu/).
Sephiroth87 23 hours ago 0 replies      
Doesn't really surprise me, since it's basically the same thing we already have on mobile connections...
mcantelon 20 hours ago 0 replies      
i.e. D-notices.
grabhive 23 hours ago 0 replies      
The rapid growth of circumvention technologies is now assured.
pasbesoin 1 day ago 1 reply      
As I've been saying for years, the Great Firewall of China is -- or was -- the prototype.

Look at its early history: Built with "Western" technology and consulting.

Did you think all these firms were creating a one-off?

And, the following observation is perhaps stretching the interpretation a bit (or not), but I find it somewhat ironic that, after all this, it is a Chinese company that is pushing this implementation forward. Use domestic market access to acquire the knowledge (sometimes, by hook or by crook), and then use your control of your own labor market to undersell the competition.

rqfowler 1 day ago 0 replies      
Amash's Amendment To Defund NSA Program Fails 205-217 techcrunch.com
276 points by llamataboot  2 days ago   159 comments top 22
tptacek 2 days ago 9 replies      
Copied from the other thread, because it bears repeating:

I think it's important to keep in mind that the 12 vote margin is comfortable for Amash and supporters of new NSA restrictions and uncomfortable for its defenders.

Here's why: opponents of Amash wielded an argument that "split the vote". Representatives who voted against Amash could have done so for one of two reasons:

(1) They actively support providing the NSA with unchecked access to cell phone metadata under the "business records" provision of PATRIOT, or

(2) They don't support that access, but can't support a broad amendment that potentially de-funds whole NSA programs, and instead need something finer grained to correct NSA with.

Meanwhile, everyone who supported Amash believes strongly --- so strongly that they're willing to do something disruptive to NSA --- that new checks on NSA are needed.

(I think Amash was a good amendment, if only because it would force the House to do its actual job and carefully regulate intelligence collection; if it caused a temporary shitstorm, so much the better --- it'd be a well-deserved comeuppance for a legislature that has been derelict in its duty to oversee these programs. But you should be aware that opponents of Amash had a persuasive-sounding argument for voting it down even if you believed new regulations were needed.)

I think this was a pretty hopeful vote.

KevinEldon 2 days ago 3 replies      
Your representative is probably on Twitter. If you've got an account tweet how they voted and what you think about it. Be polite. You can of course email and call them too to share your viewpoint.

Find your Representative - http://www.house.gov/representatives/find/

Amash vote - http://clerk.house.gov/evs/2013/roll412.xml

pvnick 2 days ago 0 replies      
Twelve votes? That's it? Wow, that's incredible. The first real tide change we've seen since the passage of the patriot act. Those who voted Nay seemed to do so because "metadata isn't covered under the 4th amendment."

Wait until they find out the NSA is raking in the call contents too [1]

[1] http://www.huffingtonpost.com/2013/06/29/glenn-greenwald-nsa...

kristopolous 2 days ago 2 replies      
I'm knowingly paying an organization to openly wage cyber warfare and espionage operations on me?

Splendid. At least we may get a few good HPC and IR publications out of it.

Actually, it will probably be outsourced to contractors who will squander it away without producing anything.

Unless, that is, the next 9/11 gets planned using twitter hashtags. Actually, since the Sandy Hook shooter openly talked about his plans on 4chan, I'm guessing that even a twitter campaign would still "pass under the radar".

I bet the only real consequence is that someone will lose a laptop with like, everybody's social security number and financial history on it. It's going to be so awesome.

lettergram 2 days ago 2 replies      
Republican: 94 yea 134 Nay

Democratic: 111 yea 83 Nay

Pretty close and party lines didn't seem all that important.

guelo 2 days ago 2 replies      
If congress were to pass some law (over Obama's veto) limiting the intelligence agencies, what is to stop the administration from coming up with a secret interpretation of the new law that effectively ignored it? They are already in violation of current law, as the author of the Patriot Act has stated.

Democracy has been completely subverted at this point. We need impeachments and new anti-secrecy laws.

s_q_b 2 days ago 0 replies      
Repost from another thread on the same issue:

I really do commend everyone involved in this effort. This is how the system is supposed to work, citizens making their voices known, and the legislature acting upon the will of the people.

Honestly you guys got far closer to your goal than I would have anticipated. The bipartisan support was almost unprecedented in recent years.

From a practical matter, even if the House bill passed it was dead on arrival in the Senate. But nevertheless it is a significant symbolic blow to blank surveillance against American citizens.

All I've tried to communicate, perhaps with less than appropriate tact, is that this is going to be a long slog.

If you're going to rein in the surveillance state, you'll need to start thinking like Washington insiders. Pick one incumbent that vocally supported these programs, and take him or her down. That will instantly catapult this issue to the top of the concerns in DC.

It only costs a few million to get that done. Considering the wealth of the tech industry, and the threat this poses to overseas expansion of the US internet services, donations shouldn't be overly difficult to drum up. We could really make a large dent in getting the legislature to help roll back these programs to sane levels. Add to that an anti-SOPA style social media campaign, and you could accomplish real and lasting change.

llamataboot 2 days ago 0 replies      
I am wondering why we didn't see a /single/ large tech company release something in support of this. Even something as simple as a press release...
altero 2 days ago 4 replies      
I think this is the end of the cloud. For me (as european) it is now unacceptable to use american webservices and remote apps. We had a good run.
livestyle 2 days ago 3 replies      
Would be interested in a consolidated list of names of those who voted in favor and against this bill.
tzs 2 days ago 0 replies      
The votes from members of the Permanent House Select Committee on Intelligence were 2 yes, 21 no.

By party, that was among Democrats 2 yes, 8 no, and among Republicans 0 yes, 13 no.

marcamillion 2 days ago 1 reply      
Even though I don't have the time to do it, I have a feeling that if you drilled down into the votes some more, you would likely see a pattern/relationship re: authority.

i.e. those in higher authority would have voted it down (Boehner, Pelosi, etc.) and those with less authority supported it. So the powerful preserving their power, with the less powerful challenging it.

That alone can speak volumes about the potential for their power crumbling. Boehner has been on the ropes recently with his caucus warning him to tread carefully.

If that turns out to be the case, then the leadership has big problems. Both in the House and the Whitehouse.

That could be good for the issue over the long-term....which is encouraging to me as a "foreigner".

D9u 2 days ago 0 replies      
The bit about "...not the product of an informed, open, or deliberative process" illustrates the hypocrisy inherent to the ruling class.

They rarely hold themselves to the same standards which they set forth for the proletariat.

coldcode 2 days ago 0 replies      
The tool who represents my district actually voted AYE. Maybe there is hope for this body of morons.
BashiBazouk 2 days ago 0 replies      
If this is to be fought the time is close at hand. First off if this is played as a left vs right issue it will lose. Second this needs to be won at the primary level. If both the democrat and the republican in a district/state are against it, then it doesn't really matter who wins as far as this issue is concerned. Bonus points if when the debates start, instead of opposite sides of the issue, they try to one up each other on how they will dismantle the surveillance state. I think asking your Representative their stand on this issue as well as any one else who enters the race is a good start but also try to get some sort of pledge that they will work across the aisle with the other party to get this done.

This will need at least two election cycles to be successful. Everyone in the house is up for re-election every two years but the senate requires six for everyone to go through the re-election process. I think with some luck, the third senate election cycle might not be needed if enough momentum can be attained. But I think to really succeed it will have to survive a filibuster and possibly a presidential veto.

We can do this if we are willing to put aside our political differences, work together and think long term.

darkmethod 2 days ago 3 replies      
Is this the will of the people?
clarky07 2 days ago 0 replies      
Really interesting thing here is that 12 people didn't vote, exactly the margin of defeat. I wonder how many of them were leaning towards voting for it, and how many of them were strongly advised (coerced) to abstain.
rdl 2 days ago 0 replies      
It's really interesting looking at the people who voted against this -- Nancy Pelosi and Michelle Bachmann?
evolve2k 2 days ago 1 reply      
Which way did Obama himself vote?
pteredactyl 2 days ago 0 replies      
Maybe it's a Spectacle for hegelDialectic/divideConquer #pov
tlongren 2 days ago 1 reply      
I read the title as "Amish's Amendment". Wondering what the Amish did to elicit such attention from the NSA.
pawrvx 2 days ago 1 reply      
Now you know who runs America.
NASDAQ is owned. Five men charged in largest financial hack ever arstechnica.com
273 points by shawndumas  1 day ago   131 comments top 24
kevinalexbrown 1 day ago 6 replies      
Is anyone aware of a) whether other security auditors or services could have identified these vulnerabilities and b) what it takes to sell to these exploited firms?

My understanding of security is fairly small, but it seems to me that there's a market to be had here ... If the expertise exists to dramatically reduce exposure, it's a question of sales or ease of use. If the expertise doesn't exist yet, someone smart might make a lot of money.

austenallred 1 day ago 12 replies      
I honestly believe eastern Europe and possibly Israel are years ahead of the United States when it comes to the Internet - not with regard to adaptivity, but with regard to raw hacking ability.

I have yet to understand why and I only have anecdotal evidence (including living in Ukraine), but there's something to those places that make them breed hackers.

minimax 1 day ago 3 replies      
I've seen this story (NASDAQ being hacked) reported in a couple of places, but it isn't clear to me what damage was done. It's not really possible for them to have messed with the actual trading without anyone noticing. Everyone connecting to an exchange is reconciling the orders they send in against the trade confirmations they receive. You basically design your technology assuming the exchange is going to fuck something up eventually. I'd really like to hear more details about what was going on here.
driverdan 1 day ago 1 reply      
> Court documents allege that as a result of the scheme, financial institutions, credit card companies and consumers suffered hundreds of millions in losses, including more than $300 million in losses ...

BULLSHIT. I want to see hard evidence that there were real losses totaling more than $300 million. The justice dept loves inflating loss figures based on sentencing guidelines which mandates minimum losses for stolen info even if they were never used to commit a crime.

gnufied 1 day ago 0 replies      
An interesting trivia is - one of the guys being charged is "Dmitry Smilianets", CEO of Moscow 5. A rather very prestigious esports organization that has/had good teams in League, Dota2 and Counter strike.

The arrest itself happened a year ago and was widely reported on gaming websites (http://www.joindota.com/en/news/3537-moscow-5-ceo-arrested-i...).

screwt 1 day ago 1 reply      

    Sites are susceptible when user input is ... incorrectly filtered for characters used in database commands ...   
If you're trying to protect yourself from SQLi by filtering & then running user input, you're doing it wrong. If a supposedly tech-literate site like Ars can't get that right, what hope do we have? (Let alone the banks themselves...)
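
The contrast drawn in the comment above, as an added example that is not part of the original thread: character filtering followed by string concatenation next to a bound parameter, run against a throwaway in-memory SQLite database. The table, the rows, the blocked-token list and all function names are constructed for illustration.

```python
import sqlite3

# Tokens a naive "filter the dangerous characters" defence might strip (assumed list).
BLOCKED = ("'", '"', ";", "--", "/*")


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER NOT NULL, owner TEXT NOT NULL)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [(1, "alice"), (2, "bob"), (3, "O'Brien")],
    )
    return db


def filter_input(value):
    """The 'filter, then run it' approach: delete characters used in SQL."""
    for token in BLOCKED:
        value = value.replace(token, "")
    return value


def lookup_filtered(db, account_id):
    """Vulnerable: the filtered text still becomes part of the statement."""
    sql = ("SELECT owner FROM accounts WHERE id = "
           + filter_input(account_id) + " ORDER BY id")
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, account_id):
    """Hardened: the statement text is fixed and the value is bound as data."""
    sql = "SELECT owner FROM accounts WHERE id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (account_id,))]


def owner_exists_filtered(db, name):
    """Filtering also damages legitimate values that contain a quote."""
    sql = "SELECT COUNT(*) FROM accounts WHERE owner = '" + filter_input(name) + "'"
    return db.execute(sql).fetchone()[0] > 0


def owner_exists_bound(db, name):
    """Binding passes the value through unchanged, quote included."""
    sql = "SELECT COUNT(*) FROM accounts WHERE owner = ?"
    return db.execute(sql, (name,)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    # Constructed input: it contains none of the blocked tokens, so the filter
    # passes it untouched, yet in a numeric context it rewrites the WHERE clause.
    crafted = "0 OR 1=1"
    print("filtered, normal id :", lookup_filtered(db, "2"))
    print("filtered, crafted   :", lookup_filtered(db, crafted))
    print("bound, normal id    :", lookup_bound(db, "2"))
    print("bound, crafted      :", lookup_bound(db, crafted))
    print("filtered finds O'Brien:", owner_exists_filtered(db, "O'Brien"))
    print("bound finds O'Brien   :", owner_exists_bound(db, "O'Brien"))
```

The filter fails in both directions: it lets a quote-free value change the query, and it mangles a legitimate name, while the bound version treats every input as a value and never as SQL text.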

peterwwillis 1 day ago 1 reply      
"According to one indictment, European credit card numbers sold for as much as $50, while US ones fetched about $10."

Where are they getting their numbers from? Last I heard (a year or two ago), carders charged about 10 cent for foreign cards and a dollar per US card. Any actual carding researchers care to weigh in?

k_bx 1 day ago 2 replies      
> SQL-injection


startupfounder 1 day ago 1 reply      
You would think that a way to stop these kinds of attacks for pennies on the dollar would be to have the security companies, banks, retail stores and others involved on the receiving side of these attacks fund hackathons or startup accelerators in every country, like a startup weekend, to give these "kids" a chance at legal startups and to get paid for finding bugs.
AsymetricCom 1 day ago 2 replies      
Doesn't NASDAQ have some responsibility for this hack? Doesn't NASDAQ have serious security reputation issues now?
alexjeffrey 1 day ago 2 replies      
the idea that NASDAQ might've been hacked using an SQL injection is pretty scary, as it's a pretty trivial attack to protect against in most cases (mysql_real_escape_string?) - is security in stock exchanges really so lax?
trotsky 1 day ago 0 replies      
Wow, the US Attorney is really going out of his way to fill this one up with bullshit. I knew something was very wrong when goodin claims hundreds of millions in losses on a carding ring and it didn't take long to find it. The only people that would pay $50 for anything having anything to do with credit cards would be fbi investigators. Hell they're the only ones that would pay one tenth that.
dclowd9901 1 day ago 4 replies      
> According to one indictment, European credit card numbers sold for as much as $50, while US ones fetched about $10.

This is truly dumbfounding to me. They had normalized, searchable access to millions of credit cards. They presumably had systematic ways of siphoning off money on high balance cards in a way that no one would've ever noticed. And yet, their grand scheme was to hock the numbers piecemeal for 50 a pop?

How are such smart people so bad at business.

readysetgo 1 day ago 0 replies      
Stealing money from global financial institutions is only allowed when you are a banker.
coldcode 1 day ago 1 reply      
Amazing people are still ignorant of how to properly code a web application. Not to mention all the companies that likely still store passwords using a reversible algorithm and fail to separate and encrypt credit card information. What is this, 1994?
thomasbk 1 day ago 0 replies      
The actual indictment is here, it's a fairly interesting read: http://www.justice.gov/iso/opa/resources/5182013725111217608...
txutxu 1 day ago 1 reply      
Upvoted, did make me enjoy the read.

6 months since the first SQLi to the "NASDAQ is owned".

6 months...

Sometimes I've played Neo from a pub connection with recycled hardware (not bought with my card number) but at most one week to the same target.

I wish I could have the skills of those people. Not that I want to make money stolen from unknown people... I just would like to have their skills.

jingo 1 day ago 1 reply      
I'll get downvoted for this, but I think SQL admins should in some way be held accountable for successful injection attacks. Falling victim to this type of exploit which is as old as the hills should be inexcusable. How difficult is it to learn how a UNIX shell works, inside and out? For what these guys get paid and what they are tasked with securing, they should be experts on escaping and quoting and every possible thing one can do with the shell. All the boring stuff. Because that's probably the knowledge these "hackers" leveraged.

If I'm wrong here, if there's more to it, feel free to correct me. I want to be empathetic with the people who set up these SQL databases, but I really cannot understand why anyone can still in 20xx get a shell via SQL statements, at a financial institution no less, after so many years of seeing others fall victim.

KumarAseem 1 day ago 1 reply      
Their actions might have been illegal but they for sure are good at breaking things and their skills should be used instead of throwing them in jail for 20 years. Counsel them and give them a chance to reform themselves.
lifeisstillgood 1 day ago 0 replies      
Is there a summary of the techniques used, the escalations taken? Does it compare to OWASP?
itsallbs 1 day ago 0 replies      
'SQL-injection vulnerabilities in the victim companies' websites'


ereckers 1 day ago 0 replies      
I just think it's funny that a hacksaw is now the international symbol for hacking.
kevin818 1 day ago 2 replies      
How would one even go about doing this? Do you just keep trying different ssh key values?

I never understood how people can just magically "gain access" to servers.

sarreph 1 day ago 1 reply      
Was most of this done by SQL injection?
How do I think in AngularJS if I have a jQuery background? stackoverflow.com
269 points by laurent123456  2 days ago   68 comments top 16
danso 1 day ago 3 replies      
A couple months ago I created an Angular app just to try it out for myself (only NYCers will find it useful: http://summerstagelove.com) and it was the first Javascript-using website, since having learned jQuery 5+ years ago, that I've made that doesn't include jQuery...I tried for awhile to get jquery.isotope.js to work but didn't know enough about the order of callbacks and such in directives, so just left it out entirely.

I've developed enough Rails apps to think architecture-first...but thinking back in my jQuery only days, the OP's question seems like it'd be a very common one among jQuery-only-front-end developers...and the top-answer is excellent: if you don't include jQuery, then you're forced to think about the architecture, and you'll be better off for it as a developer.

thangalin 1 day ago 2 replies      
How well do screen readers for the blind and AngularJS play together?

I thought that JavaScript-based frameworks are often not very compatible with screen reading technologies, but have not investigated what advances have been made for the blind in this area.



rzendacott 1 day ago 3 replies      
I'm very glad to see that this answer hasn't been closed as not constructive! It seems like most popular questions like this are, even though they're incredibly useful and insightful.

I was leaning toward learning Ember, but this post makes me really curious about Angular. In particular, the ease of testing has my interest piqued. Is testing as simple/easy with Ember? I know that unlike Angular, Ember doesn't have DI as a core feature. Either way, I should probably just flip a coin and start learning!

gohrt 1 day ago 3 replies      
This answer convinces me to prefer jQuery for apps that aren't Facebook or Gmail.

It has an "architecture astronaut" feel (explicitly eschewing graceful degradation!), which most web pages don't need.

I'd be interested in "controller" plugins for jQuery, so I can opt into upgrading from trigger->DOM to trigger->controller->DOM as my app grows.

jacques_chester 1 day ago 2 replies      
So far I've spent several weeks of my spare time forensically decomposing the documentation, nearly line by line. It's been very slow going.

The main thing I've learnt is that Angular is elaborate. Each time I get my head around something, I realise that my previous understanding was utterly wrong.

The docs are sufficiently vague that I spend a lot of time looking for secondary sources or just reading the code directly. Sometimes the code is self-documenting. And sometimes it's neutron-star dense.

But what I'm seeing, I really like. I think that directives are a big part of the magic -- building the HTML you wish existed and then writing your app in that domain-specific HTML.

joshavant 1 day ago 1 reply      
'How do I "think in X" if I have a Y background' seems like an incredible programming blog/book idea.

I, for one, constantly find myself thinking along the same lines whenever I try out a new language.

junto 2 days ago 0 replies      
The first answer is really so well written it was worth yet another upvote.
wes-k 1 day ago 2 replies      
I was lucky enough to read this when I first got started with angular. Huge help shifting your mindset to angular and seeing the advantages it provides.

I'd also recommend http://egghead.io for some in depth walk throughs.

VeejayRampay 1 day ago 4 replies      
Maybe it's because of my background with Backbone.js but Angular really doesn't feel right. Any way I look at it, it feels like HTML and JS is being mish-mashed together all over again and I thought we were past this way of doing things.
JeremyMorgan 1 day ago 1 reply      
It's answers like these that make SO an invaluable resource. They should award bonus points for stuff like that.
TheHippo 2 days ago 0 replies      
The first answer should be part of the official documentation.
isaacb 1 day ago 0 replies      
The cool thing about Angular is that it introduces a pretty unique way of building applications. What people don't seem to get is that it isn't mutually exclusive with jQuery. You can use Angular and still pull in the full jQuery library for your directives. What you'll find, however, is that you don't really need much more than the jqLite library that ships with Angular. The "Angular Way" alleviates the need for the more involved DOM functions in jQuery.
guiomie 1 day ago 1 reply      
I've just started using angular.js lately.

One of the best pieces of advice I read was not to use jquery with angular.js, and I couldn't agree more.

My question now is, why would I ever want to use jquery and angular.js together? I can do everything I needed to do before in jquery with angular.js

tocomment 1 day ago 5 replies      
I'm curious if anyone could point me to a really simple application that shows how to use AngularJS and Firebase together?

I'm thinking it makes sense to do my next project in those technologies since that way I can avoid setting up a hosting platform entirely and not even pay for hosting? Does that seem like a good idea? (It's going to be a way people can pay bitcoins to other people to read books)

sluukkonen 1 day ago 0 replies      
There is a simple todo app example on the angularjs homepage. It's one of the first examples there.
akadien 1 day ago 0 replies      
Angular.js makes me hate Javascript.
Probablistic Programming and Bayesian Methods for Hackers camdavidsonpilon.github.io
264 points by cnivolle  2 days ago   27 comments top 10
3JPLW 1 day ago 3 replies      
I worked my way through the book a month ago. It's very practical and understandable. The ipython notebook format makes it extremely easy to play with the code without worrying about any setup at all. And having it on github made it extremely easy to fix and clarify things as I went.
nirvanatikku 1 day ago 0 replies      
FYI for those in Boston this weekend: http://pydata.org/bos2013/

Cam (the author) will be presenting an overview: http://pydata.org/bos2013/abstracts/#46

yid 1 day ago 1 reply      
Are there any plans at all for a dead-tree version, for us old timers? I love what little I've read of this book, but reading on screens just doesn't work for me.
zenburnmyface 1 day ago 0 replies      
Short answer: Yes.

Long answer: Here's an analogy. Computers have been abstracted enough that I have no idea how a compiler works, what assembly is, or what the difference between a Flash Drive and a SSD is, but I can still code as I please. Is this practice wrong? No, and I don't need to know (nor do I want to). This book tries to abstract inference (read: programming), from mathematics (read: compilers, assembly etc.).

level09 1 day ago 1 reply      
Strange, got a malware warning :

Danger: Malware Ahead! Google Chrome has blocked access to this page on camdavidsonpilon.github.io. Content from ctan.yazd.ac.ir, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your Mac with malware.

rogerchucker 1 day ago 1 reply      
Does the author have any blog post or plan to write one about this part: "After some recent success of Bayesian methods in machine-learning competitions"? It will then be easier to translate Bayesian Inference to real world problem for noobs like me. I was trained in mathematical Bayesian Inference in an Econometrics class but I never did anything practical with it.
0003 1 day ago 0 replies      
I have only had success with the stock Android browser for viewing ipython notebooks on a mobile platform. However, for some reason the "A" in P(A) in Chapter 1 does not display. Does anyone know why this would be happening?
abrichr 1 day ago 1 reply      
Not that I have any complaints (the opposite is true), but why is the cover art an illustration of the Toronto skyline?
keithflower 1 day ago 1 reply      
Another interesting platform for working with probabilistic programming is Bher/Church:


and Oleg's and Ken Shan's fantastic OCaml library Hansei:


Pedantic nit: probablistic vs probabilistic....

Choronzon 1 day ago 0 replies      
This book also serves as excellent guide to ipython/matplotlib visualisation so I would recommend it for this even if you are not interested in primary subject matter. Very well done on all counts.
OVH launches 2.99/mo dedicated servers (2G RAM, 500G disk) ovh.co.uk
262 points by julien_c  1 day ago   234 comments top 41
ck2 1 day ago 5 replies      
Note these are atom based.

But I bet nginx could still crank out static files from them.

Translation: http://translate.google.com/translate?sl=auto&tl=en&js=n&pre...

    We have 3 servers in the KS series:
    KS-2G ATOM powered with 2G of RAM, 500GB,  100Mbps 2.99e/mois.
    KS-4G 4GB of RAM, 2x500GB software raid 9.99e/mois
    KS-16G Core i5 with 16G, VT and 2x1TB 19.99e/mois

3 euros is $4 USD and 20 euros is $26.50 USD

They are also on the UK site:


That $26.50 server is currently $40 in the US (CA)


The real deal here IMHO is the i5 for $26.50, that cpu can run laps around the atom and can run in "turbo" mode near 3.5ghz all day.

wcfields 1 day ago 5 replies      
Can't just signup right away, they require:

Proof of ID:

    ID card
    Driving Licence
    Passport

Proof of address:

    Utility bill (Gas, electricity, phone)
    Bank statement
    Official correspondence

txutxu 1 day ago 1 reply      
By the price of two coffees you get a server connected to internet.

When I started with this, the price of a server was the salary of an adult of medium class working during one year (and you got it without connection to internet, neither hosting facilities)...

I wish the price of technology at home (devices, connections, etc), could go down the same way for everybody.

ukandy 1 day ago 3 replies      
DC photos can be found at https://lafibre.info/datacenter/data-center-ovh-roubaix-1/. It doesn't get any cheaper than that.

I'm guessing they buy mini-itx boards from China by the container load.

JohnHaugeland 1 day ago 0 replies      
This company requires extremely invasive amounts of personal information - going as far as to ask for your drivers' license and a home utility bill.

They also just got severely owned the other week. So you can trust that the extreme invasion of privacy won't get straight to the wrong people.


bluedino 1 day ago 1 reply      
Anybody have one of these that can benchmark it against a $5 Digital Ocean VPS?

$2.99 is a crazy price for a dedi.

harrytuttle 1 day ago 4 replies      
I use http://bigv.io/ - much better and local to me. There is only a few beers difference between 2.99 and 12 a month...

They are VMs but they perform better than a dedicated Atom from my testing.

mrb 1 day ago 2 replies      
OVH is much less expensive than Amazon EC2... Someone said in a HN discussion earlier this week that he was not able to find providers significantly cheaper than Amazon. Well OVH proves this is possible.

This OVH dedicated server is comparable to an Amazon EC2 Standard small (m1.small) instance. Taking an Amazon reserved instance, "heavy utilization" (to minimize cost), and in their less expensive region, with a 1-year term, the upfront payment is $169 plus $0.014 per hour, which amounts to $24.30 per month.

Compare this to OVH is only 3, that is $4.00 per month... 1/6th the price! And OVH has 500GB storage vs 160GB for Amazon!

MarkHarmon 1 day ago 1 reply      
I just tried to order and it only let me choose from one country (for my personal address) and that is UK. No option to select USA.
jschulenklopper 1 day ago 0 replies      
Next to this, it is a little unfortunate that just two days ago OVH announced on their forum (http://status.ovh.net/?do=details&id=5070) that an attacker had gained control of a system administrator's account, and used that to gain access to a VPN account of one of the firm's backoffice staff. That again was used to get the personal data of customers in Europe and from a hosting firm in Canada.

Well, at least they are being open about this, but from the forum it seems the security incident is still open.

anonymous 1 day ago 3 replies      
Hmm, that's all nice, but what about securing my data against snooping? I'm wondering specifically how I would prevent people from snooping data while in transit (MITM) and prevent someone with physical access to the hard drive from reading my bits? To simplify the question, assume I just want to store and retrieve plain files. Bonus points if I can also safely share them in some way (i.e. share one file without also giving up security on the rest).
alexchamberlain 1 day ago 1 reply      
Wow! I'm taking down my VMs this weekend.
samarudge 1 day ago 0 replies      
Page from the UK site with full specs and prices in https://www.ovh.co.uk/dedicated_servers/kimsufi.xml
qwd 1 day ago 1 reply      
I am using the US version of their dedicated server to run URL unshortening API service http://api.unshort.me/api.html . The web stack is Nginx + Python (Flask) + Couchbase. So far, I haven't noticed any issue with their server.
chatmasta 1 day ago 2 replies      
Could someone explain to me why a business would enter the hosting industry with minimum operating margins? My guess is that OVH plans to offer more premium servers, for greater margins, after it acquires customers.

Increase profit margins with upgrades. The more premium the server, the higher the profit margin.

kephra 1 day ago 3 replies      
I wonder what price is shown to US, UK and French customers?

German customers have to pay 3.99 for KS2G. The German price should be 1 cent cheaper, and not 1 Euro more expensive, as French VAT is 19.6% while German VAT is 19%.

See http://www.ovh.de/dedicated_server/isgenug.xml if this is possible outside Germany. You can not see ovh.com inside Germany, as ovh.com is redirected to ovh.de.

DanBlake 1 day ago 2 replies      
Any bandwidth included? If not, how much is transfer?
andrewmunsell 1 day ago 1 reply      
Another interesting use may be for an always-on BitTorrent Sync node. I have a Raspberry Pi for this purpose, but the 500 GB of storage space is much better than the 16 GB SD card I currently have.
tjosten 1 day ago 0 replies      
You might want to consider if you want to go to OVH, because they recently had a security breach.


yashg 1 day ago 0 replies      
There's one catch - these are prepaid servers. You need to pay for 3, 6 or 12 months in advance.
superuser2 18 hours ago 0 replies      
I jumped on this right away and still have not seen even acknowledgement of my identity documents. Has anyone else had success getting this working?
eertami 1 day ago 0 replies      
Well... for 9GBP for 3 months, might as well just buy one and see if it is any good. If not, that's fine.
nly 1 day ago 0 replies      
This is perfect. I have a $4 VPS in the States that is crapping out with 50% packet loss in the evenings... and that only has 500GB tranny, 20GB disk and 256 MiB RAM.
autotravis 1 day ago 3 replies      
Where are these located? I'm wondering how bad latency from the U.S. would be...
imperio59 1 day ago 0 replies      
FWIW I switched the company I interned at in Paris to using OVH and was very pleased with their website and tech support. The server we ordered was available quickly, their tools were easy to use yet very powerful. I also cut costs while getting a better server than from that company's previous provider...
gkoz 23 hours ago 1 reply      
After jumping through various hoops I had their support tell me this:

  The Kimsufi 2 G offer is only for members of the EU.

eldavido 1 day ago 2 replies      
Not sure who they're targeting with this. Small guys will go with AWS as it's not worth the risk of using an untested provider to save a few dollars, big guys will likely build their own datacenter/on-premise compute grid.
superuser2 1 day ago 2 replies      
This is very exciting, but appears to be UK only. The only country available on the selection is UK and it wants a UK address.
porker 1 day ago 3 replies      
Are they using ECC or non-ECC RAM in the server? I'm guessing the latter, can't find evidence either way.
felixvolny 1 day ago 0 replies      
I wonder how one of these Atom powered servers compares to a free EC2 T1-micro instance. This is kind of apples and oranges , since this is a dedicated server, but I'm not sure if you'd really get a lot more out of them.
dgoujard 1 day ago 0 replies      
Additional information: You can't add ip failover on your server. i ordered one 3 server
talles 1 day ago 5 replies      
Amazing for the disk space.

Anyone recommends the company? Never heard of.

josephby 1 day ago 3 replies      
Anyone try this yet? Do they include any sort of remote console access?
nimo 1 day ago 0 replies      
No doubt the new rates for their dedicated servers are in response to hetzner's new rates. ISPs seem to have this unfortunate ability to retain ridiculous profit margins indefinitely.

I guess the tactic is quite simple: Be extortionate while you have market share. Undercut your opponents when it starts being threatened.

Not that I'm complaining when stuff like this happens, I like OVH, sometimes.

syncopate 1 day ago 0 replies      
I tried to register but it seems that one has to have a UK address for that. That's a pity...
metal 1 day ago 1 reply      
Is there a way to get the 2.99 euro price from the US? How about from Canada?
presty 1 day ago 1 reply      
would this be a good fit for storing and serving lots of images?
seivan 1 day ago 2 replies      
Why would you want to host your stuff on a company whose CEO isn't developer-friendly?
rfatnabayeff 1 day ago 0 replies      
How can I order it from Russia?
haddr 1 day ago 0 replies      
the price is actually in pounds, not in euro. (still cheap however)
DigitalJack 1 day ago 4 replies      
That VAT costs more than the service. Hard to believe.
Defund the NSA - This Isn't Over defundthensa.com
262 points by sethbannon  2 days ago   84 comments top 21
pvnick 1 day ago 2 replies      
This is great! A followup contact, either praise or criticism, is like Pavlovian conditioning for our representatives. I'm happy to say I was able to give positive reinforcement to my congressman. Forgive me if I'm mixing up my theories, I haven't taken a psychology class in several years.

Also, great job to Sina and the taskforce!

ctdonath 1 day ago 1 reply      
A near-even split on the first try over a high-stakes issue is a pretty darned good showing. Lay into those supportive of the state violating every semblance of privacy, and then try again.
tieTYT 1 day ago 4 replies      
Here's what I want: A link that I can click on that will add a google calendar event to notify me with the list of representatives to vote AGAINST when voting season comes. I'm pissed now, but like all americans, I'll probably forget about this come election.
thinkbohemian 1 day ago 1 reply      
Idea: pre-prepared websites that call to attention representatives that are against privacy (voted for SOPA, the NSA, TSA, etc.) make them available to deploy on heroku, github, s3, whatever. Then developers in support of privacy can litter the internet with them come election time.

If all these guys care about is getting re-elected, lets make it clear not supporting their constituents will seriously damage their chances.

Also love the followup idea.

jasonkolb 1 day ago 3 replies      
I think this could get legs.

Are there any other issues like this where the government is blatantly thumbing its nose at its own people? I'm running a survey right now and one of the elements is support for the NSA surveillance, and almost nobody supports it. Like, 85% just say it's flat-out wrong.

evanm 1 day ago 4 replies      
The NSA spying program is horrible, yes. And I think it should be halted immediately. But we need the NSA; they do important things for this country despite the bad clout they've received because of this one domestic program. That program is minuscule in size compared to the sum of the important operations that are conducted in the agency.

I want to make myself clear. I think the domestic intercepts are 100% wrong and unconstitutional. That needs to stop. But that agency is home to smart people who do other necessary work to protect us.

Fuzzwah 1 day ago 0 replies      
Great site. I was able to research and find that Congresswoman Kyrsten Sinema, serving Arizona's 9th District was cosponsor of the Amash bill but voted against the amendment, stating that it "has an unintended consequence".

Her press release is full of wonderful contradictions and weasel words:



"I have very real concerns about the federal government's action and lack of transparency regarding the collection and retention of law-abiding Americans' private information."

Straight to:

"I believe that we must work toward less intrusive methods to ensure our security. The broad language we considered today could have limited the ability of our national security and law enforcement community to prevent the bombing plot against the New York subway system or to quickly respond to events like the Boston bombing."

Wrapping it all up with:

"There are other ways than the invasive collection of metadata to ensure the security of Americans while protecting our precious 4th Amendment rights."

Ok... so there are other ways, gotcha.... but you don't vote for an amendment which would have forced the NSA into using / finding other ways. Cool.

Edit: I give her props for responding to my tweet though: https://twitter.com/fuzzywah/status/360441317609840642

AndrewKemendo 1 day ago 0 replies      
Does anyone find it ironic that the same folks who are anti-libertarian (not necessarily the HN crowd) and anti-tea party are strident supporters of a tea-party favorite congressman's amendment. The idea that such a group would rally around someone who they would not have voted for, seems strange.

I am not sure if I should be proud that a citizenry can see past politics and rally based on substance, or if they are totally out of touch with how politics works.

JumpCrisscross 1 day ago 1 reply      
Representatives up for election in 2013 [EDIT: 2014] should be flagged. Ones in competitive states should be at the top, with donation links for those who voted Aye. If they voted Nay and their competitor is anti-NSA, their competitor gets a donation link by the incumbent's name.
mey 1 day ago 0 replies      
Source info

It was Roll call #412, the Amash amendment for Bill H.r. 2397

  http://clerk.house.gov/evs/2013/roll412.xml
  http://www.govtrack.us/congress/bills/113/hr2397
  http://www.govtrack.us/congress/votes/113-2013/h412

mattmanser 1 day ago 0 replies      
Broken on Chrome/Win 7.

EDIT: Whoops, it's Adblock Plus on Chrome. For some reason it gets rid of most of the site.

giardini 1 day ago 2 replies      
Astonishingly page doesn't work in Opera.

And why all the effort in a "defund NSA" site to find out as much as possible about visitors (e-mail, zip code) and link them to Facebook, Twitter and Google, the second-tier sinners in this scandal?

Just provide good information at a pre-defined URL - I'll get around to it if I want to.

wtvanhest 1 day ago 0 replies      
What is going on with the photo of Judy Chu and the guy below her? I'm referencing the duct tape.
mtgx 1 day ago 0 replies      
Might as well add this one to the criticism sent to your representative:


joelg236 1 day ago 1 reply      
Not sure who would know how to fix this, but the tweet button only puts half[1] of the message in. (URL maybe too long)

[1] - http://imgur.com/z7JDuXV

izx 1 day ago 0 replies      
another good link, providing full information about everyone that voted on this, with clickable links to more detailed information about each representative.

Makes it easier to get people to pester the appropriate representative.


btbuildem 1 day ago 1 reply      
FYI, you're missing the congresspeople who abstained.
evykoala 1 day ago 1 reply      
I called both of mine (FL), one voted one way and the other the other. Do I thank the one, and what would I say to the other?
potatoman2 1 day ago 1 reply      
I'm a trifle pessimistic over the chances of this ever succeeding.
tvtime15 1 day ago 0 replies      
josephby 1 day ago 0 replies      
Too many secrets.
Chinese firm Huawei controls net filter praised by PM bbc.co.uk
257 points by RobAley  1 day ago   119 comments top 23
edent 1 day ago 7 replies      
Oh, it's worse than that. Every house which uses Fibre to the Cabinet (FTTC) has to have Huawei equipment installed on the premises.


BT own the monopoly on the copper infrastructure and they are the only company providing high speed ADSL. If you want 80Mbps broadband, you have no choice but to use the Huawei modem.

The device is reasonably hackable (and, in fairness, complies with its open source obligations http://www.huaweidevice.com/worldwide/technicaIndex.do?metho...) - but there's no real way of knowing what secrets the silicon holds.

So, the UK has sold off the line equipment, monitoring filters, and mobile infrastructure to one company. What could possibly go wrong?

jwr 1 day ago 7 replies      
I find two things incredibly ironic:

1) The UK willingly submits all of its net traffic to monitoring, snooping and supervision by a Chinese firm. This is mindboggling. Why worry about NSA's ECHELON or PRISM now, when the government has just passed a law requiring every packet to be inspected by a Chinese system.

2) Let's learn from those who are best at censorship. Obviously China has significant experience in that area. UK has a lot to catch up, but they're working on it.

Think about it -- if somebody told you 10 years ago that the United Kingdom will outsource country-wide Internet traffic monitoring, policing and censoring to Chinese companies, you'd call them a nutjob.

jimworm 1 day ago 0 replies      
In 2011, Huawei offered to give roughly 50MM GBP's worth of mobile equipment to the London Underground as a gift, which the UK declined due to "national security" reasons.

In 2013, the UK is going to pay Huawei to filter all its Internet traffic.

dlitz 1 day ago 3 replies      
"Customers who do not want filtering still have their traffic routed through the system, but matches to Huawei's database are dismissed rather than acted upon."

In other words, when they screw up the implementation and it breaks something about your network connection (e.g. IPv6, TCP options, or dozens of other subtle things), there's nothing you'll be able to do to just get raw packets routed over the Internet.

This is going to break the network.

flexie 1 day ago 1 reply      
This Summer of Surveillance gets better and better :-)
cclogg 1 day ago 3 replies      
I sit here in Canada on my moose, watching with my binoculars at the craziness unfolding below me (USA) and across from me (UK).

I whisper to the other 5 people that live in Canada, "Do you think they see us?"

One person responds, "No... not yet..."

DUH DUH DUH - to be continued.

runarb 1 day ago 3 replies      
So each time a UK resident visits a webpage his ISP will send the url to Huawei to ask for permission?

Good to see that Cameron doesn't waste the opportunity and gets the UK to use the same hardware platform as the Chinese. The Chinese are already one of the leaders in technology for censorship, with the great firewall and all, so it could be a lot of opportunities for synergy and cross border cooperation here

piqufoh 1 day ago 1 reply      
Maybe this is all a clever government ruse. If DC wants more of Britain's youth interested in technology, what better way than to force them to find ingenious technological solutions to get hold of their porn?
pbhjpbhj 1 day ago 2 replies      
Huawei is a UK registered company isn't it, certainly appears to be on Companies House WebCheck database. It also used to be called Huawei Symantec FWIW.

It's not a Chinese system, it's using Chinese technology, but then the PM uses Chinese technology, along with the entire government, every day. As do the US President and government presumably.

Yes there should be due diligence to ensure that data is not being collected and off-shored. The BBC seem to be going to pains to suggest that this is a massive Chinese espionage coup without actually stating as much.

What're the facts here. Chinese made technology is part of the UK internet. ZOMG! If the tech was from Cisco would it really make a difference.

>both Huawei and TalkTalk employees are able to add or remove sites independently //

Right so TT employ a UK company whose UK employees are able to do their job.

I'm not saying oversight isn't necessary but this seems so overplayed unless the BBC have more facts they're choosing not to disclose.

ttflee 6 hours ago 0 replies      
What irony it would be!

The Green Dam project [1] which was advertised by the department of industry and information technology of P.R. China as protection of children from online pornography had been defeated after media exposure year ago. Now the authority in Britain wants to introduce essentially the same stuff!

1 http://en.wikipedia.org/wiki/Green_Dam_Youth_Escort

lifeisstillgood 1 day ago 3 replies      
This is very much about literacy

- do we expect firewalls on books children read, on radio they listen to? No. We expect parental supervision

Let's get back to blaming the parents please

chrischen 21 hours ago 0 replies      
At least in this case of outsourcing to China, they're outsourcing to the experts!
runn1ng 1 day ago 0 replies      
Well... chinese firm Huawei also made my cellphone

should I stop using it and start using US-made or North Korea-made phone instead? ...nah, it's not that much better over there.

da_n 1 day ago 0 replies      
As an aside, I find it very interesting that the BBC website is so selective about which articles they allow (moderated) comments on, for example here is an article with a comment form


It would be good to hear them explain what the process is for deciding which articles are allowed.

HowardMei 1 day ago 0 replies      
Cisco helped China government build the Great Firewall 10 years ago. It's very advanced and powerful. I don't think Huawei can beat Cisco in the 'net filtering' business at GFW level. I guess it's just a budget limited version :)
switch007 1 day ago 1 reply      
So now we must use a VPN for everything? Of course that instantly means you're guilty of ... something.
LekkoscPiwa 1 day ago 1 reply      
How hard would it be to have a script creating millions of email accounts sending billions of random emails including words like "bomb", "attack", "taliban" among others rendering PRISM useless?
ihsw 1 day ago 0 replies      
Why didn't we know about this beforehand? I wonder how much China bribed the UK to get them to use Huawei.
bowlofpetunias 1 day ago 1 reply      
Seriously, this incredibly misleading headline should get this post removed from HN.

Ever since the NSA story broke there seems to be a constant effort to post overly alarming headlines in the style of "look how much worse things are in places outside the US".

tomphoolery 1 day ago 1 reply      
Doesn't Huawei have components in many of the major phone & laptop manufacturers' products? Or am I thinking of another company?
kmfrk 1 day ago 1 reply      
Must be great fun to be a start-up in the UK.
riceonmars 1 day ago 2 replies      
This is some of the most racist trash I've seen on Hacker News.
dfgsfgsd 1 day ago 1 reply      
UK -> China 2.0
More Git and GitHub Secrets zachholman.com
246 points by DanielRibeiro  2 days ago   38 comments top 9
mattdeboard 2 days ago 3 replies      
Every git talk everywhere, everytime, should include "git rerere". http://git-scm.com/blog/2010/03/08/rerere.html

Best time saver ever.

Timothee 2 days ago 0 replies      
"GitHub stores all pull requests in your repository [] even if the fork is deleted"

That's great to know! I have a few forks that are there only because I wanted to offer a tiny change to the doc or the website, etc. but I thought I'd have to keep them around until it was merged. (I can certainly leave them there, but it leaves a big mess of mostly untouched forks)

edit: my git tip will be "git stash --keep-index". This stashes only the stuff that you haven't staged. I've been using it when I want to keep unrelated changes out of the build process before committing. Or you can run that, and then "git stash" to have two (or more) separate stashes from your current state.

bluetidepro 2 days ago 1 reply      
Great article full of awesome tips/tricks!

I didn't realize you could do check-box style to-do markers inside of messages for issues and pulls (- [ ] Task 1). I'm not sure how long this has been a feature, but this is fantastic to finally know about for sub-tasks inside of issues. I always had a painful time trying to break those up, and keep them grouped somehow via milestones, labels, etc.

aroman 2 days ago 2 replies      
Zach's talks are always so enjoyable and well put together. I wonder what he uses to build his slide decks -- he's certainly developed a very strong and unique visual style for himself.
oelmekki 2 days ago 3 replies      
A load of nice tricks, thanks.

I'm a bit concerned about the public keys public url. Ok, it's just public keys, so it must be safe, but I wonder: is it safe like it's "safe" publishing a login without a password? In other words, doesn't knowing the public key make it easier to break the private one?

iamthebest 2 days ago 1 reply      
Quick recap of the git commands shown in the presentation:

git merge master -s <strategy>
git merge master -s recursive -Xpatience
git merge master -s octopus
git merge master -s ours
git diff stash@{0}
git --no-pager diff
git stripspace < file
git diff --check
git diff --cached
git merge --abort
git merge -m "message"
git merge --no-commit
git status --ignored
git update-index --assume-unchanged path_to_file
git update-index --no-assume-unchanged path_to_file

Also, keep the commit message summary to 50 characters or less and wrap the long description at 72 characters.

zeckalpha 2 days ago 2 replies      
git stripspace is neat. I'll have to add that as a hook.
CalinBalauru 2 days ago 0 replies      
I would love for this to get featured again on the main page when the video is available
krallja 2 days ago 2 replies      
git diff --cached is one I need to remember.
Light completely stopped for a record-breaking minute newscientist.com
234 points by Libertatea  2 days ago   125 comments top 16
sramsay 2 days ago 9 replies      
"To break the minute barrier [they] fired a control laser at an opaque crystal, sending its atoms into a quantum superposition of two states. This made it transparent to a narrow range of frequencies. Heinze's team then halted a second beam that entered the crystal by switching off the first laser and hence the transparency."

Thus continuing my inability to understand what the fuck anyone is talking about whenever the word "quantum" is used in a sentence.

I mean, seriously. This has to be the one area of general reader science journalism in which the journalists -- having about as much of an idea as I do about what the physicists are talking about -- just copy down whatever the guys in the lab coats are saying and print it.

I work in research computing. When I start talking to someone from our communications department and use a word like "interoperability," they say, "Whoa, slow down. You have to spell that out for our readers." But "quantum superposition?" Oh, what the hell.

I understand that this is very, very complicated stuff, and that they can't explain the whole thing from top to bottom every time they mention quantum mechanics. But pithy little paragraphs like this explain absolutely nothing.

swamp40 1 day ago 2 replies      
I have a dream of a mirror that reflects the light of yesteryears.

You would look into it and see the reflections of the people and scene from the exact place and time as you were now - but 10, 20, 50, 100 years ago.

It would be a type of city attraction, where people would come to visit daily, so there would always be new and interesting people (and fashions) to see.

We actually have the technology to implement this right now, with video cameras, monitors and hard drives.

But the simplicity and beauty of a device that actually slows down light to accomplish this - now that would be something.

cmiller1 2 days ago 4 replies      
I work in a photonics lab and for all of the new fancy techniques you see show up in popular science publications for slowing and stopping light... they're all impractical. In the real world when we need to slow down light we still just use delay coils. Wrap tens to hundreds of kilometers of fiber into a coil (using a pump laser amplifier at some point if it gets too long) and just letting the light spin around in circles for the desired amount of time.
ANH 2 days ago 0 replies      
It's nice for once to see evolutionary algorithms being used for something completely impractical.*

*mostly tongue-in-cheek

DanWaterworth 2 days ago 4 replies      
What I want to know is: Does the crystal gain mass with the light stopped inside of it?
jdmitch 2 days ago 0 replies      
kibwen 1 day ago 1 reply      
"Tens of seconds of light storage are needed for a device called a quantum repeater, which would stop and then re-emit photons used in secure communications, to preserve their quantum state over long distances."

That's quite a lot of latency. Assuming many repeaters, does that mean a quantum-encrypted ping from one side of the world to the other might be measured in hours?

lettergram 2 days ago 1 reply      
This article was pretty poorly written, leading to a couple of questions:

1) It seems to me that the scientists could have simply stored the energy from the light for a period of time? Which would not actually be "stopping" the light.

2) I understand a superposition and quantum physics, but I still have a vague idea of what happened in the experiment. If I actually understand the terminology and have done various experiments, research, etc. but still don't fully understand, how would the standard reader (without further explanation) understand the article?

teeja 1 day ago 0 replies      
I strongly dislike headlines like this (which all the crappy science news digests, like New Scientist, frequently indulge in).

If light could actually be "stopped", it wouldn't be light any more. It also can't be "slowed down"; it always travels at exactly the speed of light in whatever medium it's in. OTOH, if the light's energy is absorbed by electrons, it's not "light" any more. All matter does this trick all day every day - it's not news.

This sort of sentence only sows confusion in a lot of minds.

xenophanes 1 day ago 1 reply      
Wait so is the story basically along the lines of, "Light hits black paint. Absorbed, stops. Comes out later." ?
qq66 1 day ago 0 replies      
This is interesting... every time I've read a "light slowed down" article over the last 10 years it's been Professor Lene Hau. This time it isn't.
datalus 1 day ago 0 replies      
I look forward to our Middle Earth future.


Mr_T_ 1 day ago 2 replies      
But why? Why not stop time instead?
redeemedfadi 1 day ago 0 replies      
Radiolab had a segment about stopping light back in February. It's a great listen: http://www.radiolab.org/2013/feb/05/master-universe/
mrt0mat0 2 days ago 2 replies      
this seems like the coolest thing in the world to see, but yet no pictures? What does stopped light look like?
weakwire 2 days ago 0 replies      
The ultimate solution for information storage?
Google Unveils The New Nexus 7 Android Tablet techcrunch.com
234 points by talhof8  2 days ago   167 comments top 28
igravious 2 days ago 4 replies      
Like many of you here I have a Nexus 7. I got it as a present cuz I didn't see why I'd need a tablet what with having a smartphone and nice laptop. I could never justify the price of an iPad cuz I'm not really that well off.

The Nexus 7 is a joy to use. It's light, the screen is great - it's quick (I got my daughter a Kindle Fire and sometimes you can see that device straining a bit: e.g. load times on Despicable Me (I know! I know!)). The Nexus 7 battery is great and I love getting the very latest Android s/w pushed to the device. It's a great device for consuming media: books, audio, video. Stock Android is a nice reference platform. Can't wait for Jelly Bean 4.3 real soon now. I would recommend a Nexus 7 to anyone considering a tablet on a budget. I just have to figure out how I can justify splashing out on the 2013 Nexus 7 :) I know I must sound like a total shill but I really was surprised at how far Android has come and how polished and optimized it is on the Nexus 7.

That is all :)

rorrr2 2 days ago 6 replies      
I wonder if they ever resolved the storage deterioration problem.

"One year later, the Nexus 7 has gone from the best to worst tablet I've ever owned"


rayiner 2 days ago 4 replies      
Not so psyched to see that it's still got a 16:10 screen. One of the things I love about my iPad mini is that it's actually usable in portrait mode for reading PDFs and Word documents on the go. That said, I'm hoping the increased screen resolution will make it practical to just zoom out a bit more and just hold the device closer to my face...

Also really happy to see the LTE. I think having LTE on the go is crucial, and a 7-8" tablet is the right place to put it. Much of the time I use my iPad as an LTE hotspot (it gets way better battery life in that use-case than any stand-alone LTE hotspot or tethered phone).

davidw 2 days ago 2 replies      
My laptop from several years ago has a 1920x1200 screen. WTF can I get a 7" tablet with one, but not a laptop, in this day and age?!
nileshtrivedi 2 days ago 3 replies      
So 4.3 fixes neither the ad-hoc WiFi issue #82 nor the audio latency issue #3434. I will continue to pass as those are the deal breakers for me.

It's amazing these two have been pending for more than 4 years. Google hasn't cared to even comment on the former while thousands of users beg them to: https://code.google.com/p/android/issues/detail?id=82

6ren 2 days ago 0 replies      
GPU review (Adreno 320, in the Snapdragon S4 Pro) http://www.anandtech.com/show/6112/qualcomms-quadcore-snapdr...

Less powerful than GPU in iPad 3 (or iPad 2 in some benchmarks); but of course, it's got a smaller display too.

AVTizzle 2 days ago 0 replies      
What does "Virtual 5.1 Surround Sound System" even mean in the context of a mini tablet ??
nilsbunger 2 days ago 1 reply      
Great specs. The bezel feels a bit big and clunky though. I suspect there's no easy way to hide the battery needed for the hi-res screen...
brbcoding 2 days ago 0 replies      
2012/2013 Comparison Chart: http://i.imgur.com/Q6XORYy.png
general_failure 2 days ago 1 reply      
The biggest advantage of Nexus over iPad is the plastic back that the Nexus have. I hate, absolutely hate, loathe the metal back of iPad. It sends shivers down my body every time I touch it.
patrickod 2 days ago 0 replies      
I've loved using my Nexus 7 for the last year. Great device at a brilliant price point. Really looking forward to using 4.3 on this too.
dspillett 2 days ago 0 replies      
The and the other mentions I've seen don't talk about wireless capabilities so I assume it hasn't changed, but in case anyone here is better connected than I and knows different: have they updated the WiFi hardware to support 5GHz 802.11n as well as 2.4GHz?
purephase 2 days ago 0 replies      
Well, that does it. I was waiting to see if BlackBerry would do something with their tablet line before the next Nexus 7 announcement and nada.

Looks like I'll have to pick one of these up.

(And, I know what the comments are going to be but the Playbook is an underrated device IMO. For the price, it has some decent specs (for its age) and as a browser/ereader it's great, but the fact that they dropped OS10 after promising it has me peeved.)

trotsky 2 days ago 2 replies      
Out of curiosity, how do those krait cores compare to the exynos a15 based cores that samsung is shipping in volume? I've been very impressed with their performance on chromeos as compared to older ip. With xen now building with a15 hvm support it would seem to make it easier to make use of that 2g of ram. It's hard to believe that android is really going to do much with that aside from the browser.
incision 2 days ago 0 replies      
I wonder, can we expect another line-up shuffle towards the end of the year? I'm not itching to upgrade my N7 16GB, but I have someone in mind to pass it down to.

I'm on an unlimited plan with Verizon, if I could run multiple devices on the same plan without a premium I'd be highly inclined toward the LTE model.

ixnu 2 days ago 1 reply      
The biggest upgrade for me is "[that] battery life offers 9 hours of HD playbook and 10 hours of web browsing." I can only manage about 4 hours for my 2012 N7 and it's my biggest complaint for an otherwise perfect tablet.
pstuart 2 days ago 6 replies      
No micro sd card support? They don't have to try and emulate Apple on everything...
freshrap6 2 days ago 2 replies      
I wonder which is a better deal for a new tablet owner. A 2012 N7 or a 2013 N7? Seems like a lot of people are satisfied with their N7 and it is getting the new software update. Should I go for the new or stick with last year's model?
zbinga 2 days ago 1 reply      
If this had [micro]SD card support, I would be pre-ordering one right now.
shmerl 2 days ago 0 replies      
I wonder how soon will Freedreno + Wayland + Plasma Active mix be ready on this device.
Apocryphon 2 days ago 4 replies      
So they're going to keep the number at 7 to continue the Blade Runner reference? So it's really the 2013 Nexus 7.
designmatty 2 days ago 0 replies      
My only wish is for a more sturdy display. My Nexus cracked by tapping the screen on the edge of my counter when putting it down and was completely unusable. That being said, it was amazing while I had it.
drewying 2 days ago 0 replies      
Same price I assume?
dbc123 2 days ago 0 replies      
great read.
abdel 2 days ago 0 replies      
Thank you. I'll keep using my Nokia n900
thret 2 days ago 2 replies      
'Wi-Fi models available in the U.S. July 30, LTE edition and global models in the coming weeks'

Wi-Fi should be included with every model IMHO.

lnanek2 2 days ago 3 replies      
Pretty boring spec increase. If they were an OEM they'd have to try to distinguish themselves, but it isn't life or death for them, so I suppose a boring entry is par for the course.

They aren't even keeping pace with Samsung's IR camera gesture support or HTC's all metal body and TV remote capability we're seeing on phones.

scrrr 2 days ago 1 reply      
Might as well say "NSA Unveils new Nexus 7 Tablet". Yes, sorry, I am bitter, I know, but I don't want people to forget Google's role in the recent surveillance story.
Watsi (YC W13) raises $1.2M first-of-its-kind 'philanthropic seed round' watsi.org
232 points by chaseadam17  1 day ago   94 comments top 22
aresant 1 day ago 1 reply      
This is awesome, I just donated and tried it out.

If you guys are open to some conversion rate optimization testing ideas I saw a few areas that would likely respond to treatments - drop me a line via my profile and I'd be happy to have our team put together a free breakdown and help out where we can resource wise.

tptacek 1 day ago 1 reply      
Watsi could use an API, so that I can rig code up in (for instance) contests to submit a donation every time a player finishes.

That would also have the beneficial effect of potentially randomizing some donations across the patient portfolio.

qeorge 1 day ago 3 replies      
Anyone reading this has enough time and money to fund another person now:


Do it.

chaseadam17 1 day ago 0 replies      
We're searching the world for a front-end developer to join our team in time to travel with us to Nepal on August 20th. If you or anyone you know is interested, drop us a line! http://bit.ly/1boYhK8
bernardom 1 day ago 1 reply      
Just freaking tremendous, guys. You're doing something magical: directly connecting philanthropy to tangible results.

How can we help you spread the word? What's your media strategy? What's the pinnacle- the Today show? Somebody paying for a primetime ad?

josh2600 1 day ago 0 replies      
This is really cool, but does it scale?

I tend to think of Watsi as sort of a one-off, at least right now. Do you think it will become easier to make philanthropic ventures if funding them becomes similar to funding Venture companies? I mean in a way it already is, except you write a grant instead of pitching a capitalist.

Does this pave the way for more non-profit venture companies or is this just a one-off?

EDIT: Massive congratulations to the team at Watsi :). Job well done.

dnautics 1 day ago 3 replies      
Serious congratulations. The idea of separating overhead from donations is an important idea that needs to be emulated more in the charitable community.
hesdeadjim 1 day ago 2 replies      
The absolute hardest part I have when donating on this site is having to choose who gets your money. It hurts me a lot realizing just how much help people in poverty need, and it hurts even more knowing that I (or anyone else for that matter) lack the resources to help everyone in need.

That said, congrats to the team for tackling such a worthy cause.

c4urself 1 day ago 0 replies      
Awesome news guys -- cheering this on!

EDIT: Cheering => Donating -- https://watsi.org/fund-treatments

ericwu01 1 day ago 2 replies      
Congrats to the Watsi.org team!
bradleybuda 1 day ago 0 replies      
Very excited for and proud of the entire Watsi team!!
purephase 1 day ago 0 replies      
Seriously, your goal is awesome and I love it. Aside from donations (which I've done) is there anything else that we can do to help?
gmisra 1 day ago 3 replies      
Serious questions:

1. Do you think there may be selection effects in this type of donation model? How do you plan on preventing discrimination against the less photogenic?

2. Do my dollars, etc actually go directly to specific individuals, or is there a layer of intermediation a la Kiva (over which there was some confusion and "controversy" [1])?

3. In a world where watsi-like treatment model becomes successful, do you believe that creating these individual-to-individual dependencies is a net positive improvement for society?

[1] http://pages.kiva.org/fellowsblog/2009/11/11/kiva-transparen...

jaxomlotus 1 day ago 5 replies      
I just funded a pregnant woman's medical care and it only cost $215??? In the USA it cost tens of thousands of dollars. Amazing.

On a separate note, this is an AWESOME idea and service. Trust the private sector to take on poverty, where the government has failed to date.

mfrank 1 day ago 1 reply      
This is great news but I'm pretty sure this is not a "first of its kind" occurrence as there are a number of vehicles (e.g. New Profit in Boston) that specialize in these types of strategic venture-like philanthropy investments.
softbuilder 1 day ago 0 replies      
Good job guys!
changdizzle 1 day ago 0 replies      
This is incredible, question for you guys, do you avoid having to pay the PayPal fees if I pay with funds from my bank account? If so, everyone should try to do that to save the small percentage charge.
cindywu123 1 day ago 0 replies      
congrats watsi! you guys are my fave
dome82 1 day ago 0 replies      
Congratulations guys, it is awesome news. I really love your mission and you have done a wonderful job until now. Keep going like that!

Wish you luck for the future!

foobarqux 1 day ago 0 replies      
How do you prevent fraud?
kfarzaneh 1 day ago 0 replies      
Well done guys!
jgillman 1 day ago 0 replies      
Congrats guys! Well deserved :)
What's new in Android 4.3 android.com
230 points by sindhiparsani  2 days ago   122 comments top 25
napoleoncomplex 2 days ago 5 replies      
This is more developer related, but one of the biggest news is a backwards compatible ActionBar in the official support library. All that's left to say is a big, enormous thank you to Jake Wharton for keeping us all sane until now.

Edit: The video about the ActionBarCompat is available: https://www.youtube.com/watch?v=6TGgYqfJnyc#at=20

Seems largely identical to ABS in its implementation, which makes sense.

notatoad 2 days ago 2 replies      
>You can access notifications through new APIs that let you register a notification listener service and with permission of the user, receive notifications as they are displayed in the status bar...You'll be able to launch any intents attached to the notification or its actions, as well as dismiss it from the system, allowing your app to provide a complete user interface to notifications.

wow. that should have some interesting possibilities.

danso 2 days ago 4 replies      
Not to start a flame war here...but what is the likelihood that newer devices still on 4.1 will be bumped to 4.3, on the reasoning that third-parties waited until 4.3 to make the upgrade? Or does it become increasingly unlikely that any upgrade will happen?

I have a Sprint HTC One...which was released in 4.2's latter days but still had 4.1...wondering if an upgrade will ever happen

samstokes 2 days ago 0 replies      
On the "actual user-facing feature" front:

Android 4.3 adds built-in support for Bluetooth AVRCP 1.3... In addition to exposing playback controls on the remote devices connected over Bluetooth, apps can now transmit metadata such as track name, composer, and other types of media metadata.

I've been waiting for that for car audio (iOS already supports it).

wavesounds 2 days ago 1 reply      
"Nexus 7 should receive the update today, other devices in the coming week"


untog 2 days ago 5 replies      
TL;DR: not much.

It's smoother, which is a great thing. But in terms of actual features, the only one I'm looking forward to is being able to use Wi-Fi positioning while I've turned off the ability to connect to Wi-Fi. That is to say, I'm not very excited about this release.

gergles 2 days ago 5 replies      
> The /system partition is now mounted nosuid for zygote-spawned processes, preventing Android applications from executing setuid programs. This reduces root attack surface and likelihood of potential security vulnerabilities.

Well, that sounds great. It's almost like they're trying even harder to prevent people from having control over their device.

nileshtrivedi 2 days ago 2 replies      
So 4.3 fixes neither the ad-hoc WiFi issue #82 nor the audio latency issue #3434. I will continue to pass as those are the deal breakers for me.

It's amazing these two have been pending for more than 4 years. Google hasn't cared to even comment on the former while thousands of users beg them to: https://code.google.com/p/android/issues/detail?id=82

sologoub 2 days ago 2 replies      
There seems to be a significant push for more video/entertainment/proprietary content related stuff. Anyone familiar with this?

"Modular DRM framework

To meet the needs of the next generation of media services, Android 4.3 introduces a modular DRM framework that enables media application developers to more easily integrate DRM into their own streaming protocols, such as MPEG DASH (Dynamic Adaptive Streaming over HTTP, ISO/IEC 23009-1)."

Wonder if I'll finally see Amazon Instant Video on vanilla-android... probably not.

dannyr 2 days ago 2 replies      
Bluetooth Smart Support is a big deal.

It's going to make it easier for hardware devs to develop Bluetooth apps.

znowi 2 days ago 1 reply      
As an owner of Nexus 4, the only feature I'm looking for is a reduced battery usage :) They provide optimizations for the location API, but I suspect that the more prominent performance features will end up draining battery even faster :)
LeeHunter 2 days ago 1 reply      
Still no low latency audio? I wonder if Android will ever be a useful device for serious musicians.
stevewillows 2 days ago 1 reply      
The nice thing about restricted profiles is that it should allow us to create a really simple 'Kid mode'.
Goosey 2 days ago 0 replies      
> Wi-Fi scan-only mode is a new platform optimization that lets users keep Wi-Fi scan on without connecting to a Wi-Fi network, to improve location accuracy while conserving battery.

Out of all the features this is the one I am most excited about.

Nogwater 2 days ago 2 replies      
I missed it in the presentation. Did they say when this will ship to Nexus 4?
ville 2 days ago 5 replies      
Is Google lacking imagination? This is the third version with the same name.

I'm missing the times when every release was a new sweet thing.

artagnon 2 days ago 0 replies      
Running CyanogenMod nightly, because it's the closest I can get to open source: I love getting updates in the form of git SHA-1s every few days.

I wonder if upstream Android will ever take to a rolling-release approach.

darxius 2 days ago 1 reply      
I'm new to the Android world and this is the first update I've seen. When should I expect an update pushed to my phone? What does it depend on? I have the Galaxy S4 so I assume Samsung has to make some modifications to the version to support some stuff?
joaomsa 2 days ago 0 replies      
From my time working with SELinux on the desktop I'm curious to see what they do with it eventually, now running it in permissive audit mode doesn't do much at all.

I'm wondering if the plan is to eventually have each app ship with a policy file (doubt it)? Use a targeted policy to only confine certain apps chosen by the user with corresponding policies and run everything else unconfined (minimizes breakage)? Run the entire dalvik vm in a separate confined domain? Just leave it there as an option for enterprise and government customers who would really take advantage of flexible interface for writing access policies?

rcchen 2 days ago 0 replies      
It seems that only Nexus devices are getting the update today, and not the Samsung/HTC Play Edition phones. It will be interesting to see when those two devices get the update; in the meantime, not all Play devices are made equal?
vegasbrianc 2 days ago 0 replies      
One more reason to have a Nexus device is to take advantage of these updates right away.
StavrosK 2 days ago 1 reply      
Does anyone know if there will be images for the Nexus Experience S4 and HTC One?
stevedub 2 days ago 1 reply      
Did they say when the source code will drop?
knodi 2 days ago 0 replies      
New master key?
ippa 2 days ago 0 replies      
Nice to see they're working on rendering-performance. I bought the prev Nexus 7 but returned it some days later. The jittery scrolling and constant microlag drove me crazy.
Yandex CTO and co-founder has died translate.google.com
224 points by cinskiy  2 days ago   70 comments top 22
numair 2 days ago 1 reply      
Truly sad; what a brilliant guy. And a real class act... None of the money-throwing antics[1] of some of his peers. Just a brilliant, modest dude.

Quite fittingly, the Yandex translation is superior to the Google translate version:


1: http://news.cnet.com/8301-17852_3-57442907-71/russias-zucker...

danabramov 2 days ago 1 reply      
UPD: Ilya is in coma with no brain activity, but not dead yet. (http://translate.google.com/translate?sl=auto&tl=en&js=n&pre...)


Ilya was very vocal about his contempt for falsifications in Russian elections. He went to protests and helped develop an app for election observers. This app helped volunteers submit proofs of violations during the elections.


He adopted several children and hated the recent law forbidding child adoption by USA citizens.

He will be missed by many.


Edit 1: Rephrased the first sentence per suggestion in reply

Edit 2: Added recent info about coma

nine_k 2 days ago 1 reply      
Very sad news :(

Besides being a great CTO, he kept helping orphaned children [1] and taught juggling (right at Yandex office).

[1] These children: http://mariaschildren.ru/content/view/141/96/

rorrr2 2 days ago 1 reply      
Stomach cancer, unexpected exacerbation.

Fuck cancer.

CReber 2 days ago 0 replies      
Sad news :/ Here is the press release btw (link was broken for me)


adamnemecek 2 days ago 0 replies      
'May he find peace' seems appropriate considering his profession.
dakrisht 2 days ago 1 reply      
RIP to a young and brilliant man.

Go out there and live the day, hug your loved ones, enjoy the sun, work hard, don't think about taking over the world and being the next Steve Jobs, stay humble, you're given one life - go out there and make life proud that you are a part of it.

Memento mori

forlorn 2 days ago 0 replies      
Sad irony. Today I got an invitation to Yandex.Islands and at once recalled his presentation (video: http://events.yandex.ru/events/yac/m/talks/816/ ). In an hour I read the news...
dmak 2 days ago 3 replies      
I misinterpreted the title and thought 2 people died.
cinskiy 2 days ago 1 reply      
[UPD]: Apparently Ilya is in coma on life support with no brain activity signs.


kayoone 2 days ago 0 replies      
Very sad if someone passes at such a (relatively) young age. Even more so when he made the world a better place for so many people.
girvo 2 days ago 0 replies      
Very very sad. A good reminder to do what you love. In the wise words of the modern day poet, Nas: "'cause you never know when ya gonna go"

RIP mate.

pmoehring 2 days ago 0 replies      
Such an incredible person. I've met him a couple of times, and he was always smiling, inquisitive and much nicer than you would ever expect. The good go early.
remcobron 2 days ago 0 replies      
How sad to hear.

For those not familiar with Yandex check out the interview we did with the other founder, Arkady Voloz, who tells the story of Yandex: http://blip.tv/vincent-everts/ceo-arkady-voloz-tells-the-sto...

turingbook 1 day ago 0 replies      
Is there any life story about Ilya? I want to write an article in Chinese about his life and contribution to technology community.
josephpmay 2 days ago 2 replies      
Until today, I had never heard of Yandex. I do have to say that their search quality appears to be very high, and I may use them as a Google alternate in the future. Is there any specific reason why they don't have much traction in the US?
xenator 2 days ago 0 replies      
Cancer killed another great IT person. Very sad news.
xijuan 2 days ago 0 replies      
Rest In Peace... Really sad to hear this news...
meadhikari 2 days ago 1 reply      
missing the black bar on top
f902370 2 days ago 1 reply      
What's wrong with 2013?
Hacker Barnaby Jack has died reuters.com
220 points by cyanbane  1 day ago   80 comments top 14
tptacek 22 hours ago 2 replies      
Barnaby Jack was part of the soul of the software security community. He had so many friends. Please today remember that he was a real human being, and that he had friends who might read HN.
lawnchair_larry 22 hours ago 5 replies      
Please do not make comments about conspiracy theories. This event is not suspicious.
dbloom 23 hours ago 1 reply      
Barnaby Jack "jackpotting" an ATM at BlackHat USA 2010: http://www.youtube.com/watch?v=v-dS4UFomv0&t=5m47s
kayoone 22 hours ago 4 replies      
But why? Didn't know anything about him but he looks like 35 years old. An Accident? Something else?

All these young tech people dying lately is a bit unsettling.

anthonyarroyo 18 hours ago 0 replies      
As someone who has a defibrillator with remote-access capabilities, I'm thankful that Jack was trying to bring this vulnerability to light.
anateus 20 hours ago 0 replies      
I had only met him in person once, but he was clearly a great human being. I'll remember the drinks we shared.
vxxzy 1 day ago 3 replies      
Isn't it sad that since the NSA revelations anything is really "on the table" for our imaginations? Nothing seems too far-fetched these days...
tareqak 14 hours ago 0 replies      
ferdo 21 hours ago 1 reply      
The article is 404?
hfsktr 21 hours ago 1 reply      
The original link isn't working for me but this appears to be the same: http://www.reuters.com/article/2013/07/26/net-us-hacker-deat...
benackles 20 hours ago 0 replies      
The correct link to the Reuters article is http://www.reuters.com/article/2013/07/26/net-us-hacker-deat...
JonSkeptic 23 hours ago 1 reply      
I find the title of this article to be unsettling. The title almost makes it sound like he died to avoid going to the conference.

While I guess that feeds into the much beloved pastime of conspiracy theory, I can't help but think it could have been worded significantly better.

mwally 1 day ago 3 replies      
Too many researchers are turning up dead lately.
An open letter to Jeff Bezos: A contract worker's take on Amazon.com geekwire.com
219 points by credo  1 day ago   171 comments top 30
nostromo 1 day ago 6 replies      
> In this terrible economy, I am grateful for the work

Seattle's unemployment rate is 4%, which is basically optimal and near what it was before the recession.


Seattle real-estate has almost completely rebounded.


People may not realize it yet, but the recession is over. If Amazon values the work these people do, they shouldn't assume that there is an unending supply of people waiting to fill these positions.

pasbesoin 1 day ago 7 replies      


Take your pick.

I don't care whether you are "online" or off. Treat your workers like shit -- yes, your workers, you wankers; I don't care what shell employment manoeuvring you use -- and run a business model that takes advantage of, if it's not outright predicated upon, the public dole, and I will be disinclined to send my business your way.

Other readers here: If you don't like it, vote with your dollars (or whatever currency). It's the only way, in today's world.

And name them for what they are. They hate the bad publicity.

HN relevance: Being a "tech" company does not absolve you of being a good citizen. Some "tech" advocates are sounding far too much like Wall Street bankers, these days.


P.S. Good grief -- a bit of upvote. Karma negating though it may prove to be (feh), I'll add that while authoring my original comment I was thinking more of the now much reported warehouse staffing situation than of the OP's situation. ALTHOUGH... I, too, have experienced the "blessed" "management" employee phenomenon -- more than once, when I stop to think about it.

Once even personally, where a VP's... "pet" was moved into a role that I was in line for. They received some months of half-day or more one-on-one training from a senior supervisor. They never really got the hang of the role, especially the technical details; nonetheless, it was enough of a resume builder for them to shortly thereupon move on to "bigger and better" "management" things.

Whereupon, they belatedly put me into the role. Which I then did from day one, with effectively zero additional training. Oh, and while holding down my old job -- and at times, repeatedly, also portions of the job I'd left before that, which they continued to underhire for and so continued to fail to fill successfully.

"Management". The best management I've seen worked up to the role. "Formal" credentials are to me not outright anathema, but definitely a caution.

famousactress 1 day ago 2 replies      
My first experience in a technical position was exactly the same. I was a temp employee at a major computer/printer manufacturer. In their case the policy (law, I think) was that you could work as a temp for 6 years before you had to take something like at least 6 months off. There were loads of people who'd been temps so long they'd had one or two of these 'vacations' (unpaid, of course).

It's unfortunate. It sets up a nasty little caste system, but my understanding is that it's done not because it produces better work but rather because as a public company it allows you to constantly "right-size" your headcount without firing actual employees, which you'd have to report to your shareholders.

I'm sure at the location I worked at temps out-numbered full time employees by a factor of at least 4-to-1. After being passed up for a couple of full time positions (it was a joke or legal loophole that we were even allowed to apply) the best employees would jump ship and the workforce would maintain a consistent average/below-average pool of pretty apathetic clock-punchers. I don't think that was misunderstood by anyone in a position to control things though.

anigbrowl 1 day ago 2 replies      
An outsider was brought in who knew nothing about X-Ray. I was later told the new manager was hired based on management experience. She spent her first week being trained by one of the temps who had been deemed unqualified for the product manager position. After spending a week training the manager, and being her go-to person for the next three weeks whenever there was a problem, he was let go because he reached the maximum of eleven months on his contract.

I fail to see how it would be worse to make a commitment and provide some employees with benefits and some sort of job security. This HR policy is pathologically dysfunctional, and seemingly widespread, not just in the tech sector. I really wonder how long CEOs and management people in general think this party can go on.

ryanobjc 1 day ago 1 reply      
I used to work at Amazon, and this is disturbing, but not really surprising.

A focus on cost instead of value is a core element at Amazon. I ultimately left because of what could be described as a failure to recognize value over the actual cost. 5 years of controlling high-value but high-cost things left my department with a shredded staff. By the time the economy was improving in the 2006-8 timeframe, nearly all my colleagues left.

And these were people at the TOP of the foodchain - senior full time software engineers.

Unfortunately Bezos is more lucky than a skilled manager. He has some useful values, mostly around being frugal, that have served the company well. But in a competitive hiring market, one would be making a mistake joining up with Amazon if you had an alternative.

jmduke 1 day ago 1 reply      
A lot of people are jumping to the comments and assuming that the worker is either a developer or a warehouse worker, which makes me assume they didn't finish the article. The OP worked on quality assurance, which is staffed by a lot of contractors because (ideally) the ramp-up time for the position is much smaller than that of an SDE, and a lot of these positions don't last long enough to warrant full-time employment. (That being said, a lot of the full-time QA people start out as contractors.)

The clarion call about the dangers of bad management (and not even "bad" in the Dilbert sense, but "bad" in the "these people are not qualified to do what they need to do" sense) is extremely well-taken. This is why documentation at MegaCorps is so incredibly important, especially with high turnover: if your institutional knowledge is confined to a person, not a wiki or a sharepoint doc, then you're unnecessarily exposing yourself to risk and ruin.

smutticus 1 day ago 0 replies      
Management will never understand the benefit of institutional knowledge because they have not yet devised a way to measure it. Managers love metrics because they cover their asses.

People hired to make decisions don't like to make decisions. But it's not a real decision if the metrics told you to do it. Blame the spreadsheet.

So institutional knowledge gets discarded like yesterday's dirty laundry because no one in a position to do anything recognizes it as valuable. Or even if they do recognize it as valuable it's certainly not more valuable than the cost of some employee compensation. Health insurance costs are quantifiable, institutional knowledge is not. And in the land of cover-your-ass with metrics qualitative values are useless to decision makers.

ignostic 1 day ago 1 reply      
An open letter to Jeff Bezos, and it's practically worthless to a CEO. If the point is, "stop hiring contract workers," the letter should get to that point rather than complaining.

Let's look at the merits of the author's argument, stated mostly in the second paragraph. Allegedly contract workers produce low quality or inconsistent work, and that training costs are wasted. All of the supporting evidence is anecdotal, and most of the anecdotes contain heaps of information that is completely irrelevant to the argument. What does the author's bad manager have to do with any of these arguments? Whether Amazon has poor management hiring procedures is another issue altogether.

If a CEO made any decision based on this article alone, he should be fired. At least it may raise enough awareness to get someone looking into it and gathering facts and options for action.

stevewilhelm 1 day ago 1 reply      
Sounds to me like the work his team was doing, annotating films with meta-data, is a stop gap situation. I presume Amazon is working on an automated system based on Mechanical Turk or crowd sourcing to do the annotating.

If this is indeed the case, it would not make sense to hire a full-time team.

justin_vanw 1 day ago 1 reply      
This is a social commentary thinly veiled as feedback on how to improve productivity.

Companies are going to spend the smallest amount of money possible on every employee. If they are paying someone more, it's because that employee would go somewhere else if they paid less.

If you don't like the policy of firing contractors, don't blame Amazon. If you were running a company that was barely breaking even, and there were a law that would make your company spend way more money on employees after they stayed more than a year, you would make the exact same call. Or would you let the company go out of business, and put thousands of people out of work, and screw over your investors, to make some impotent moral stand?

davidw 1 day ago 0 replies      
This was actually surprisingly evenly written - I was expecting one of those "OMG this sucks!!!" rants about how everyone are cruel bozos and so on. He very clearly indicates how, at least from his vantage point, the company itself is suffering due to the policies.
baddox 1 day ago 0 replies      
I don't have much of a problem with the argument that worker conditions are bad and should be improved. It's a valid subjective call. But I'm more skeptical of this argument:

> Although it may seem like the company is saving money because you don't have to provide temporary workers with medical coverage or paid vacation time, the revolving door of new hires encourages low quality work, inconsistent productivity and wastes useful resources on training.

I find it very hard to believe that an Amazon contract worker, based on his experience, is more qualified than Amazon management to judge whether this practice is financially good for Amazon.

roasm 1 day ago 0 replies      
Having worked in management in a large company, I have a little perspective from the other side:

Yes, there are laws that prevent you from employing a temp for an extended period of time. It's somewhere around a year; I forget exactly, but it's a law that attempts to protect temps from indefinite temp status. It's supposed to compel the company to hire that temp if they really want them.

There are also laws that prevent you from hiring a temp back within some period of time, so the company doesn't just skirt the issue by firing-then-hiring the temp with a one week break in the middle.

The reason a good temp isn't hired has nothing to do with benefits. Benefits aren't really that expensive relative to a knowledge worker salary.

The reason is because FT headcount is one kind of expense and contractors are another. The budget for FT head is very difficult to drop (it's called layoffs) and actually grows every year because of raises. Contractors are part of slosh money (e.g., "program spend").

So departments are told: "You can have a head budget of $XX and a program budget of $YY." The implicit understanding is that $XX will hold or grow across budget planning (i.e., "We won't make you drop your head budget unless we're actually doing layoffs or moving teams out of your department") and that the $YY can fluctuate.

Departments can generally spend the $YY any way they see fit, and often times, they need workers, so... temps. And if the company is financially stable (which I assume Amazon is), $YY doesn't drop that much so you end up with a long time with enough $YY to keep temps on for a long time, but there isn't enough faith in needing the department at that larger size to increase $XX enough.

I've also seen a lot of temps hang around for a year then get let go because they were just mediocre. Good enough to be productive, not bad enough to go recruiting again, and definitely not good enough to go use a bullet on fighting for increasing $XX. I'm not saying the OP is that case, but I'm sure we've all seen the mediocre temp (or FT) worker hang on.

EDIT: I should add that I'm not at a large company any more. Co-founded a second startup. Woohoo!

mathattack 1 day ago 0 replies      
This type of job sounds like it may not be permanent. But when you do perpetual contracting for grunt work, your quality suffers. This type of contracting only works when the best people insist on being contractors and you can't hire them full time.

It would be interesting to hear Amazon's side of the story.

tieTYT 1 day ago 1 reply      
> An outsider was brought in who knew nothing about X-Ray. I was later told the new manager was hired based on management experience. She spent her first week being trained by one of the temps who had been deemed unqualified for the product manager position. After spending a week training the manager, and being her go-to person for the next three weeks whenever there was a problem, he was let go because he reached the maximum of eleven months on his contract. Since the new manager never completely grasped the program, she asked a select few of the oldest temps to train the newest temps. It seemed to me that these people were not chosen based on merit or capability, but more like she was putting together her own collection of cool kids. The best way to be put in a leadership role was to be a pretty girl or a dude who used liberal amounts of Axe hair gel.

I can't figure out what's going on here. Who is "her" and who is "him"?

pisarzp 1 day ago 1 reply      
I'll try to play devil's advocate role.

"One day that all changed. Our experienced team leader was transferred to a different department"

It looks like the main problem was not Amazon's practices, just poor performance of the manager. However, we cannot blame Amazon for not giving the managerial position to one of the contractors, when they have an experienced internal candidate for this position. People get bored and like to change roles, and it's important to give them the chance to try something new within the organisation or they will leave.

I agree though, that having an 11-month max policy for contractors seems stupid, but it may be caused by legal issues. At least in Europe it would be illegal to have someone work as a temp for an extended period of time.

smsm42 1 day ago 1 reply      
I'm confused as to why one would let go a successful employee that worked for 11 months just not to let them work for the 12th. Is there some regulation there that significantly changes the cost structure and forces this behavior? Is the change of the cost structure so great that it actually exceeds the cost of constant retraining and the risk of a team completely disintegrating like we witness in the OP article? We're not talking about digging holes there, it takes significant time even for an experienced programmer to get into the project and become productive, and the knowledge transfer is always flawed and incomplete even with best intentions, I can only imagine how flawed it is between two "I'm only here for 11 months" people...
kilroy123 1 day ago 1 reply      
I was a contract developer at a very large "shoe and apparel company".

I saw the same thing. Low quality / skilled developers were hired on in droves. Only to "train" other new contractors. (e.g. copy all these files from my machine and do these 30 steps, and then the local environment should work)

They were hiring guys right out of India. Which made team communication difficult. It was a mess, and code quality really suffered.

I immediately started looking for a new job after I started.

tnuc 1 day ago 1 reply      
Did this person actually go ahead and apply for any other full time jobs that were on offer on the amazon job site?

I have seen this before where people expected to be presented full time jobs, when all they needed was a little prodding to go through the hoop jumping and formally apply.

Yhippa 1 day ago 0 replies      
What I've seen at different companies is the idea of using an internal employee vs hiring a temp. You have a temp staff and they take the brunt of the job cuts as they invariably happen. This allows the core workers the flexibility to move around the company in case of redundancies.
libria 1 day ago 1 reply      
On the plus side, he doesn't have that 18 month non-compete. A current SDE would have to flip burgers till 2015 if they want to work at Google.
drderidder 1 day ago 0 replies      
Unethical companies are doing a similar thing with temporary foreign workers in Canada. I want an app with an ethical rating system for companies so I can research easily and buy from companies that aren't jerks. Something based on environmental stewardship, treatment of employees, customer support, etc. As for Amazon, this article made me resolve not to use them, but I'd prefer not to wait until a story blows up to be informed enough to be an ethical consumer.
bane 1 day ago 1 reply      
What's the deal with the precise 11 month figure? Is that a Washington State legal thing or some bizarre arbitrary Amazon thing? Seems downright stupid for a skilled position IMHO.
mabbo 1 day ago 4 replies      
Speaking as a developer at Amazon.com, what contractors? I've never met any, and I only have heard of one who left a while ago.

Edit later: Developer contractors at least. I mean, sure, cleaning staff are contractors/temps.

retr0h 1 day ago 0 replies      
"I was one of only a handful of employees who didn't need their work checked before pushing it to live status..."

This is poor practice no matter who you are.

cgore 1 day ago 2 replies      
This is rather strange if it is accurate. Everywhere I've worked where they hired contractors as developers, the company always preferred contract-to-hire, assuming the person worked out well. I've had two jobs that way, 6-12 month contract to full-time regular employee. The only time people didn't transition to full-time is if they sucked, basically a 6-month interview. And sometimes they would go full-time even if they did suck.
ArtDev 1 day ago 0 replies      
As I understand, all of the large tech companies do this. We do the same work as employees, but without any benefits or job security. The best permatemps get jobs elsewhere and the worst are let go. The rest of us are left in limbo hoping to be hired someday..


DanielBMarkham 1 day ago 1 reply      
This situation is not unusual in the corporate world. Contractors -- many times temporary workers from another country -- are brought in, kept for a fixed number of months, then let go. This is all done without any clue at all as to how it's actually affecting production.

I worked at one place that was 70% contract workers. Every year, they would have to leave. No fooling around -- nobody worked a day more than a year.

With people staggered throughout the project, all coming on at different times, it was like productivity roulette. One month a team might lose somebody who wasn't such a great worker. Whew! Dodged a bullet! The next month they might lose a third of the team within 2 weeks.

I know what you're thinking; just make a chart and keep track of when folks are leaving. But replacements weren't available until there was a documented need, which couldn't happen until the vacancies appeared. Sometimes then it would take a month or two to get one.

All of this organizational cruft was created at the highest levels, where everything is always peachy. I don't think the people creating this mess were trying to do anything bad. They just couldn't see the impact of what they were doing. By the time status reports moved up through several levels of management, things were looking good. Always.

So don't feel bad. You're not alone.

IzzyMurad 1 day ago 0 replies      
> An open letter...
> ...
> Sincerely,
> Steven Barker

Relevant last name.

Feds tell web firms to turn over user passwords cnet.com
217 points by antman  1 day ago   146 comments top 19
noloqy 1 day ago 4 replies      
It is time for software companies to unite. Feds can't just continue roaming around, asking companies for their users' password hashes and other things.

In the current state, some big companies have the means to fight such requests, some big companies are very willing to cooperate, and small companies rarely have the means to go into a legal battle.

Because of the current fragmentation and secrecy surrounding feds' requests with software companies, users do not have the possibility of knowing what they're in for with which company. Also, the divide and conquer tactics used by the Feds really allow them to extract much more information than what would otherwise be the case. Ideally there should be a union for software companies, which makes agreements with the feds concerning their access rights; agreements which then apply to all members of the union.

Currently I have two rules of thumb: 1) for critical services, avoid companies located or significantly involved in the US or UK and 2) at all costs, stay away from Microsoft.

forgotAgain 1 day ago 6 replies      
This strikes me as a very thin story with a lot of filler added. A red flag for me with the article is that the headline uses the word "tell" while quotes from anonymous sources use the word "request". There's nothing wrong with the government asking for access to a user account if they have a legitimate (ie. named) court order.

This is the most important story for this country since 9/11. Third rate journalism won't be part of the solution.

Robin_Message 1 day ago 5 replies      
Hear me out: with a sensible court order and oversight, requesting a single user's password makes a lot of sense. Let's say you've taken a suspect in to custody, but want to capture their co-conspirators [1]. One way to do that might be to impersonate them online so as to keep their plot moving forward.

In what ways is it in a different category to their phone company handing over their call logs and getting someone to impersonate their voice (or send a text message) to an associate?

A single password, in an active situation, with oversight [2], is a totally different proposition from something like Prism or handing over SSL private keys.

[1] Not sure about US law on entrapment, but "bring the kit, we're doing it tonight, rendezvous is XYZ" and then seeing who turns up with what doesn't sound like entrapment to me.

[2] I have no idea what oversight might or might not be applied. "No comment" from the government is admittedly not an encouraging sign.

downandout 1 day ago 1 reply      
I'm not sure how beneficial it is to ask for salted password hashes, when a simple change in the wording of the request to a judge (or the FISA court rubber stamp factory) would yield an order for the provider to capture and turn over the plaintext password the next time the user logs in. US judges will do almost anything they are asked, especially if the requesting agency uses the "T" word. Either these agencies don't know what to ask for, or they are already doing this and no one has written a story about it.
jgeerts 1 day ago 2 replies      
Welcome to the world, this is a webcam, put it on your head so we can watch your every move at all times.

What the hell is wrong with the government, is it really their business to interfere with personal life? It's their job to facilitate the community, to find solutions for people's lives, this is not a solution, they are creating overly complex problems, unnecessarily spent money. We need less government, less people there with less money, it seems they have too much of it and way too much time.

josteink 1 day ago 3 replies      
OwnCloud is just looking better and better.
EnderMB 1 day ago 3 replies      
This is probably a stupid comment to make, but when the feds request these passwords what is stopping a firm from giving over a set of tampered passwords?

Let's say a request is made for Google to give over loads of Gmail passwords. Could they not silently implement an extremely strong password encryption on the affected accounts, and hand over these passwords, knowing that the feds wouldn't be able to crack them without a significant amount of time?

Also, are the feds likely to check to see if these passwords are legitimate? If my password was 12345 and Google simply told them that my password was 54321 then how could the feds possibly know that the passwords sent over are real?

EDIT: Obviously, I know this is highly illegal, and would land any company in trouble. I'm just wondering whether, theoretically, this is possible for a firm to do to circumvent any action from the feds.

oelmekki 1 day ago 3 replies      
We really need to systematically implement in our login systems what many ssh accesses do when you log in: "Hello <username>. Your last login was at <time> from <ip>".

It won't solve the problem, but it'll certainly help a bit.

EDIT after a few comments:

This will not make it impossible to steal identity. But this will cost us almost nothing and imply high cost for spooks: if you have a user password, you can use it on many websites, for common users, without the related company even knowing it. If you implement last login timestamp, it's something you can do within hours, without any need for heavy architectural changes, and it will cost a lot to spooks to try to fake it on every website, for a large amount of users.

Cheap to us, costly to them. That's the way to go for me.
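
The last-login notice suggested in the comment above, sketched as an added example that is not part of the thread: a small in-memory login service that returns the previous successful login's time and source IP and leaves that record untouched on failed attempts. The class and function names are hypothetical, and the usernames, passwords and documentation-range IP addresses are constructed sample values.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional

PBKDF2_ROUNDS = 100_000  # assumption for this example; tune for your hardware


@dataclass
class LoginRecord:
    when: datetime
    ip: str


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    last_login: Optional[LoginRecord] = None


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash; only the salt and this digest are stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class LoginService:
    """Hypothetical login backend that tells the user about the previous login."""

    def __init__(self) -> None:
        self._accounts: Dict[str, Account] = {}

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._accounts[username] = Account(salt, _hash_password(password, salt))

    def login(self, username: str, password: str, ip: str,
              now: Optional[datetime] = None) -> Optional[str]:
        """Return the notice shown to the user on success, or None on failure."""
        account = self._accounts.get(username)
        if account is None:
            # Spend comparable time so unknown usernames are not cheaper to probe.
            _hash_password(password, b"\x00" * 16)
            return None

        candidate = _hash_password(password, account.salt)
        if not hmac.compare_digest(candidate, account.pw_hash):
            # A failed attempt must not overwrite the last *successful* login,
            # otherwise wrong guesses would erase the evidence the user relies on.
            return None

        now = now or datetime.now(timezone.utc)
        previous = account.last_login
        account.last_login = LoginRecord(now, ip)

        if previous is None:
            return f"Hello {username}. This is your first login."

        notice = (f"Hello {username}. Your last login was at "
                  f"{previous.when:%Y-%m-%d %H:%M:%S} UTC from {previous.ip}.")
        if previous.ip != ip:
            # The signal the user is meant to act on: a login they may not have made.
            notice += " That address differs from the one you are using now."
        return notice


def demo() -> list:
    """Constructed session: first login, a failed guess, then a login from elsewhere."""
    svc = LoginService()
    svc.register("alice", "correct horse")
    t1 = datetime(2013, 7, 26, 9, 0, 0, tzinfo=timezone.utc)
    t2 = datetime(2013, 7, 26, 10, 30, 0, tzinfo=timezone.utc)
    return [
        svc.login("alice", "correct horse", "192.0.2.10", now=t1),
        svc.login("alice", "wrong guess", "203.0.113.7", now=t2),
        svc.login("alice", "correct horse", "198.51.100.5", now=t2),
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```
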

falk 1 day ago 2 replies      
This is why I won't be using iCloud Keychain.
elchief 1 day ago 3 replies      
How fast could the NSA crack a BCrypt-hashed password?
fexl 1 day ago 1 reply      
They're also demanding private SSL keys: http://news.cnet.com/8301-13578_3-57595202-38/feds-put-heat-...

In that case they can easily sniff passwords as they are used.

8654395 1 day ago 1 reply      
Throwaway account just to post this. Of course the Feds will have access to whatever they deem necessary even if it takes them time to get the pieces in place. It's the users who ultimately lose the most.

I'm learning the hard way just how much the user is the one ultimately screwed when it comes to account access. My father just recently died very unexpectedly and tragically. He was generally retired but still doing a dozen or so small tech consulting projects here and there and using his personal accounts on Gmail/Facebook/etc. for everything.

Facebook simply will not give any family member access to a deceased person's account. Google will consider it after you fill out a form and send them a bunch of documentation. Then they will consider and may possibly end up sending you off to get a court order and the like, but you're entirely subject to their own decision about whether you can get access to your deceased family member's main form of personal and business communication. You do not own your Gmail account, regardless of the shit they spout about you being able to download your data using takeout. If your estate can't get "your" data, you didn't really own it.

Yes, I know there are steps that could have been taken to have given access to others on the event of one's death, but realistically what percentage of Gmail/Facebook users have taken those steps? And why should those accounts be different from normal digital accounts like bank accounts where a standard court estate document is enough?

chrischen 1 day ago 2 replies      
Aren't most passwords 1-way hashed? Seems like this is only going to give them access to low-level passwords.
downandout 1 day ago 1 reply      
If you communicate information to a third party, it is vulnerable to disclosure. End of story. Either encrypt it or don't, and if you don't, then you don't complain if you find it being used against you in the future.
saurabhnanda 1 day ago 0 replies      
How does this play with DMCA anti-circumvention provisions?
diminoten 23 hours ago 0 replies      
Why do web firms have my passwords in the first place?
hawleyal 1 day ago 1 reply      
I don't store plaintext passwords. Nor should anyone else. Only a hash and salt.
zedstar 1 day ago 3 replies      
So all we need to do is change our password every day or so? As long as it is faster than the bureaucracy?
cs648 1 day ago 1 reply      
U.S. cloud firms face backlash from NSA spy programs computerworld.com
216 points by antman  1 day ago   80 comments top 17
beloch 1 day ago 6 replies      
After SOPA, it became clear that the U.S. info sector could no longer neglect its lobbying efforts in Washington. The MPAA and RIAA represent comparatively tiny (in terms of revenue) interests but were only thwarted by the unpredictable (and unreliable) intervention of the public.

Now this.

The info sector has become big industry and is going to play a correspondingly big role in U.S. politics going forward. They're going to make more campaign contributions, be more involved in the campaigns themselves, and spend more money on lobbyists than ever before. Capitol hill is about to get a whiff of silver-dollar grapeshot from a new angle, and those voting to maintain NSA funding are in an exposed position!

flyt 1 day ago 5 replies      
Pretty simple way to frame this in a way that Washington can understand:

The NSA data collection programs are _job killers_ for American high-tech workers and its most innovative companies.

thaumaturgy 1 day ago 1 reply      
Incidentally, I just had a new customer call to ask about hosting services, because he needs a new mail account and, in his words, "can't trust Google after all the recent news." This guy is an attorney and very far from the tech echo-chamber.

I've got a pretty small business in a small town, so when I start hearing about stuff like this from customers, it's usually a pretty good indication that it's gone mainstream.

computer 1 day ago 2 replies      
I too have switched my personal things and most of our company away from the US. I have helped my friends move to non-US chat services and/or use OTR. I will spend my money on secure (from snooping and the operator) encrypted services outside the US instead.

Seeing that we have no rights in the US whatsoever, it is ridiculous to store anything in the United States that could be used in any way at any point in the future.

If the US wants to keep its leading role in the Cloud-business, it will need to curb these programs and protect the companies from forced participation in mass surveillance measures (including on foreigners). Keep in mind that even a single policy-maker that decides not to trust US-based services can cost the US economy millions of dollars.

artichokeheart 1 day ago 1 reply      
"The level of skepticism was greater than I expected," said Jim Reavis, co-founder and executive director of the CSA. "I had thought that more people would understand that these activities happen all the time in their countries as well."

Way to not get the point Mr Reavis

inopinatus 1 day ago 0 replies      
As of yesterday I've been noticing various Google applications (Maps in particular, both web and iOS) nagging me to turn on centralised history recording, in order to have any kind of search history or bookmarking.

My answer is "hell no", always has been and even more so now; and I can deal with the disappearance of functionality, but the nagging is especially irritating and the timing doubly ironic.

tteam 1 day ago 1 reply      
At Tonido, we got the following mail from a customer a week back.

"We are sorry but recent developments and news in regard to the NSA PRISM program and the Patriot Act have made us decide no longer to use any cloud solution developed or hosted by a US company. You can remove our information from your database."

Even though our Tonido software is a self-hosted one and totally orthogonal to Google Drive or Dropbox in principle and in operation, we do get the shaft unfairly.

whyme 1 day ago 1 reply      
What's surprising is the lack of alternative services (even outside the US) that clearly state any service they provide will in fact shut down before not being transparent. I have cancelled quite a few services over the last few months, but struggle to find real alternatives.

Also, I doubt even transparency in the aggregate would be enough to make me go back into US based offerings.

barking 1 day ago 1 reply      
What this tells the US Gov't is that you can have money or you can have PRISM, but you can't have both.

Money (aka 'the pursuit of happiness') medium of exchange and shield against tyranny

dcc1 1 day ago 1 reply      
I've one server left in US, cancelling it soon, that's 900/month less going into US economy.
MichaelMoser123 1 day ago 0 replies      
very good; change in policy will come if the big tech companies speak up and state that total snooping is bad for business.

If one is all for snooping then the cited argument is 'national security' - a very pressing concern. If one is against snooping then the only argument one has is 'civil rights' - this is a matter of principles, meaning that it is not of immediate concern; there is always something more urgent to override matters of principle.

If one states that snooping is bad for business then this again moves the argument against snooping into the realm of urgent issues.

coldcode 1 day ago 0 replies      
I hope so.
pinaceae 1 day ago 0 replies      
so this might happen in the SMB space. but any slightly global corp? just how will that US office be connected? will BMW cut off all of the US? Nestle? Sanofi-Aventis? Heineken? Toyota?

if it's on the internet, everyone is snooping it. your traffic crosses swedish borders? swedish intelligence has the right and means to copy everything. haven't seen new routing tables being adjusted to avoid sweden. facebook has their EU datacenter there.

it's kneejerk-ish IT admins who are pulling these things right now. who don't understand what having anything connected to the internet really means. any un-encrypted email plus their attachments? that pricelist you just sent your colleague? public. chatting with partners over g2m or skype? public.

but sure, the NSA is listening in on your little bikeshop which is using basecamp or mailchimp. core interests of the USA in peril.

velik_m 1 day ago 0 replies      
The biggest danger to the USA tech industry isn't even the customer blowback, which might blow over soon enough. The biggest danger is an opportunity for local competition to lobby the local governments to legitimately regulate US competition out of the market. For instance if the German government demands that all operating systems have to be open source (to prevent backdoors) and replaces Windows with something like LiMux (which will of course be serviced by local companies who lobbied) and all companies dealing with citizen data have to use it as well, Microsoft could lose a huge chunk of market almost overnight.
bhauer 1 day ago 3 replies      
This is why in my recent rant about how Microsoft could re-establish its relevance [1], one recommendation was that Microsoft differentiate itself as the only tech titan to champion a decentralized cloud. I fairly strongly feel that would be a competitive advantage.

(Of course if all self-managed security implemented on Microsoft operating systems can be subverted by the NSA, it's a moot point.)

[1] http://tiamat.tsotech.com/microsoft

avty 1 day ago 0 replies      
This is a great opportunity for non-US based startups to make a killing.
kingsidharth 1 day ago 0 replies      
Sources? Numbers? Specifics?
Free email address validation API for web forms mailgun.com
209 points by old-gregg  20 hours ago   123 comments top 35
Zikes 19 hours ago 6 replies      
If it doesn't actually send a validation email to the address, I don't see the value over a simple m/.+\@.+\..+/

They say up front that email validation is hard, and yes there are tons of edge cases and obscure tricks and rules and probably there's no guarantee that even they managed to get it right with this service, but ultimately the customer either puts in the correct address or they don't. If they're going to make a typo then it's far more likely that it would be a legal typo, and if they're going to intentionally enter a false address then it's likely it'd be a simple asdf@asdf.com.

Edit: This was a bit of a knee-jerk reaction to what I at first saw as a redundant overcomplication, however as russjones points out below it has already proven its value in reducing bounce rates by a significant percentage.

So, it might not fit my own limited use cases, but it certainly can't be ruled out entirely. Best of luck to the Mailgun team and I hope people smarter than I am can put this service to good use.

pudo 19 hours ago 5 replies      
This may be very German of me, but the privacy implications of sending an email address to a third-party service before form submission appear murky to me.

Also, we need to find a name for "give me some personal data in return for a minimal value add service" offerings.

peterwwillis 18 hours ago 1 reply      
I'm going to come up with a free password validation API for web forms. Just call my API with your username and password and the service it's used for and i'll return 200 OK status if it's a secure password.
dudus 17 hours ago 1 reply      
Guys, after weeks of work I think I found the best way to validate emails. It's the regex below.


But most of the times it's just overkill and you shouldn't care.

It's free and you don't need mailgun or anything else.

You are welcome

alexk 17 hours ago 1 reply      
For the folks with privacy concerns: we are actually planning on open sourcing the entire service as well as our MIME handling library. So if you have privacy concerns, you'll be able to run it locally.
hopeless 3 hours ago 0 replies      
To all those that think this is no better than a regex:

Yesterday a company invited 7 new users to their account using their email addresses. 3 of those addresses had typos in the domain names which this service would have caught. As it was, this error was only discovered when the service tried to send invitation emails to the new users and that's not a great UX.

Validation emails, particularly those with a confirmation link, are a horrible horrible solution. They interrupt the user's process flow, taking them away from their web browser, possibly delaying the process, and you'll also get users searching through their emails and clicking that link just to access their account (yep, really).

I think I'm going to implement something like this Mailgun service plus sending a welcome email (with no confirmation link). If the welcome email bounces then I can handle that case but it should happen less often with the Mailgun live-validation.

lucb1e 18 hours ago 3 replies      
Unfortunately this is broken just like all other attempts I've ever seen.

If this is true: http://i.snag.gy/RSwiG.jpg

Then explain why the e-mail is arriving: http://i.snag.gy/gWPn5.jpg

Sure this is an extreme edge-case, but this was my second test. Who knows what else it rejects. Actually, why do we validate email addresses anyway? Why not just try and send that validation email that you're going to send anyway? And on top of that, why would I ever trust a free third party service to check all my users' addresses?

nmridul 3 hours ago 0 replies      
Here's an easier option for those concerned with the privacy of their users.

1) Validate the email address first on your side (using regex).

2) Then send the domain name part to the service for validating and correction. Maybe append a fake username before the @.

So if a user enters someone@yahoo.cm, I validate it first then send someotherperson@yahoo.cm to Mailgun. Now your real user is protected.

Now you don't send them the real user name but get most of the benefits.

Sephr 19 hours ago 3 replies      
The demo failed on Ian Goldberg's real email address, n@ai. TLDs work just like every other domain name in DNS.
kfury 14 hours ago 2 replies      
Oh the edge cases will be so angry. There are a very few engineers at Google who have Gmail account names shorter than 6 characters. It's not the norm, but they exist. Their addresses can't be validated.

I'm sure there are special cases all over the place. It would be nice if Mailgun differentiated between 'this address is just malformed' and 'from what I know of [ISP], this address oughtn't exist'.

grey-area 18 hours ago 0 replies      
There are a few concerns about privacy and response times using this approach, but you can get a very similar effect just by writing/hosting a little bit of js locally which consults a list of common errors, does a simple syntax check, and shows a warning beside the email entry box asking if the user is sure about the mail address they are submitting. That's enough to make users look hard for any mistake, and can be done in about 10 lines of js, automatically whenever the email field loses focus. I've found even a very simple script checking common errors/domains has a significant effect on typos and bounce rates, and it has the advantage of not sharing the email and being a lot quicker. If you're only ever warning the user to take a second look, you don't have to worry about false positives.

I'm not sure that anything other than basic checks adds a lot of value, and I'd worry about sending off users' email addresses to an API on a third party website before they've even agreed to terms - I don't think most users would be happy to find out that was happening.

It would be interesting to experiment with different levels of checks, and see which ones provide the most value though.
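The local check that nmridul and grey-area describe above (a simple syntax check, a list of common domains, and a domain-only lookup if a third-party service is still wanted), as an added example that is not code from the thread or from Mailgun. The domain list, the distance threshold, the placeholder local part and all function names are assumptions.

```javascript
// Added example (not from the thread): a warn-only typo check that keeps the
// address in the browser. KNOWN_DOMAINS, MAX_DISTANCE and every function name
// here are assumptions chosen for illustration.
const KNOWN_DOMAINS = ['gmail.com', 'yahoo.com', 'hotmail.com', 'live.com', 'outlook.com'];
const MAX_DISTANCE = 2; // edits tolerated before a domain counts as unrelated

// Split at the LAST "@": a quoted local part such as "me@google.com"@google.com
// may itself contain "@". Dotless domains (n@ai) are deliberately accepted.
function splitAddress(address) {
  const at = address.lastIndexOf('@');
  if (at < 1 || at === address.length - 1) return null;
  return { local: address.slice(0, at), domain: address.slice(at + 1).toLowerCase() };
}

// Optimal string alignment distance: Levenshtein plus adjacent transpositions,
// so "gmali.com" is one edit away from "gmail.com".
function editDistance(a, b) {
  const d = [];
  for (let i = 0; i <= a.length; i++) {
    d.push([i]);
    for (let j = 1; j <= b.length; j++) d[i].push(i === 0 ? j : 0);
  }
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Return the closest known domain within MAX_DISTANCE, or null if the domain
// is already known or nothing is close enough.
function suggestDomain(domain) {
  if (KNOWN_DOMAINS.includes(domain)) return null;
  let best = null;
  let bestDistance = MAX_DISTANCE + 1;
  for (const known of KNOWN_DOMAINS) {
    const distance = editDistance(domain, known);
    if (distance < bestDistance) {
      best = known;
      bestDistance = distance;
    }
  }
  return best;
}

// status is 'malformed', 'suspect' (show a "did you mean" warning) or 'ok'.
function checkEmail(address) {
  const parts = splitAddress(address.trim());
  if (!parts || /\s/.test(parts.domain)) return { status: 'malformed', suggestion: null };
  const domain = suggestDomain(parts.domain);
  if (domain) return { status: 'suspect', suggestion: `${parts.local}@${domain}` };
  return { status: 'ok', suggestion: null };
}

// If a remote lookup is still wanted, send only the domain behind a constructed
// local part. The third party still learns which domain the user typed.
function domainOnlyProbe(address) {
  const parts = splitAddress(address.trim());
  return parts ? `placeholder@${parts.domain}` : null;
}
```

A 'suspect' result is only a prompt to look again, because a near-miss domain can be a real mail host.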

swampthing 19 hours ago 2 replies      
This is super cool - can't wait to implement it. Do you have any stats on how long calls usually take (mostly asking because of the DNS check)?
cleverjake 19 hours ago 3 replies      
just a few example emails that are listed as invalid but aren't

"email with spaces"@gmail.com


"very.(),:;<>[]\".VERY.\"very@\\ \"very\".unusual"@strange.example.com


Another server-side alternative is isemail.info, which does validate all of the above.

jlgaddis 15 hours ago 1 reply      
The best "email address validation" that ever existed was SMTP's VRFY verb (and EXPN was quite useful too). Unfortunately, the spammers killed that real quick.
DenisM 15 hours ago 1 reply      
This is great, thanks for your effort. Couple more things I'd love to see:

1. Parse a chunk of text and salvage any email addresses from it that you can find. Use case: my users upload spreadsheets with email of their other team members, but email field would often contain more than one email (separated by slash or space or comma or god knows what), or other stuff like Skype account etc.

2. Actual validation service. I'd pay for it at standard mailgun rates, it would be easier for me than rolling my own as I do now.

Thanks again!

knes 19 hours ago 1 reply      
Another alternative is using Mailcheck.js


At least you are not sending email addresses to a 3rd party.

jlgaddis 15 hours ago 0 replies      
This looks pretty awesome and my first thought is it would be sweet if it was integrated into common webmail software.

I work for an ISP and we, of course, provide e-mail access via webmail. Right this moment, I can see dozens and dozens of e-mail messages queued up on our outbound relays that will never be delivered because the user typo'd the recipient's e-mail address.

An amazingly high number of messages bounced back to our users (the original senders) are due to typos like this. Some people, despite not being "techies" can skim over a bounce message and realize they misspelled "live.com" and will resend. Others, well, they call support wanting to know why they suddenly can't e-mail Aunt Sally.

Narkov 17 hours ago 2 replies      
"We know that gmail.com is a valid MX host while gmali.com is not."

They've failed in their own example. gmali.com has valid MX records and accepts mail. Just because they don't accept billions of email per month, why should this service block any mail?

graylights 19 hours ago 1 reply      
"3. Mail Exchanger existence checks

Again, due to the robustness principle, just because a host does not define MX records does not mean they can't accept mail. Mail servers will often fall-back to A records to try and deliver mail. That's why we go one step further than just a DNS query, we ping the Mail Exchanger to make sure that it actually exists."

Plenty of boxes don't respond to pings (icmp). Can I assume you're doing a tcp scan on mail ports?

hk__2 6 hours ago 0 replies      
It rejects addresses that contain a @ in the local part, even if these are valid ones:

"foo@"@, "me@google.com"@google.com

rcsorensen 16 hours ago 0 replies      
This is a beautiful thing you've put out. Thank you.

The ASCII guardpost in the API docs is also pure gold.

harryzhang 19 hours ago 0 replies      
Ev and Taylor, this is awesome and free is icing on the cake. We'll be putting this to good use.
nandemo 13 hours ago 0 replies      
> Formal grammars (and specifically in our case a context free grammar) are a set of rules that define the structure of a string.

Note that a regular expression is a formal grammar too.

lelf 18 hours ago 0 replies      
@. (valid by rfc6531)
andrewcooke 17 hours ago 0 replies      
in general, this sounds good (particularly the big data approach - gmail.com v gmali.com based on stats).

but i am concerned that they don't mention RFC 3696 when describing their grammar. it's all there (and implemented in - the now unsupported - lepl).



jitnut 8 hours ago 0 replies      
This is cool! One thing- as a mailgun user, can i use it to check the valid email addresses when one of my client sends an email to his customers? That would save some email credit him and reduce bounce rate.
wvh 14 hours ago 0 replies      
It doesn't seem to accept IDN addresses, though it's able to resolve the punycode equivalent just fine.

I was just implementing email and name validation checks for a project myself. Luckily email addresses can at least be validated by a confirmation email; it's the real name field I have no clue what to do with.

It's funny that after all these years, we still don't seem to have cracked these basic problems.

lebek 17 hours ago 0 replies      
Just for fun: as an AngularJS directive/validator https://github.com/lebek/angular-guardpost
darkhorn 18 hours ago 0 replies      
Why just don't use <input type="email" name="email"> and then send it to validate?
fintler 19 hours ago 1 reply      
It doesn't seem to work with my extremely common email address of:


Complete fail. /s

Seriously tho, I like the design. It's refreshing to see someone avoiding another ugly perl-style regex.

Sektor 15 hours ago 0 replies      
As long as it accepts the + symbol in the Gmail address I'll be entering I'm happy for sites to use whatever they want.
tn13 16 hours ago 1 reply      
They just want to get access to email address of people!
cabirum 18 hours ago 0 replies      
ehew46ujwhtaeg@w4tg.com is valid.

A few more ideas: String Concatenation API, Number Addition API, String Length API...

claudius 18 hours ago 0 replies      
a#\ b.\@c@[IPv6:2001:4dd0:fc8c::1] also fails.
mattbarrie 16 hours ago 0 replies      
lolz all your emailz are belong to us!!
How to kill an unresponsive SSH session laszlo.nu
196 points by oarmstrong  1 day ago   95 comments top 19
spindritf 1 day ago 4 replies      
Or use mosh[1] on top of SSH and stop worrying about that stuff.

It works much better over high-latency links (mobile). It is not bothered by saturated links, tolerates IP changes and losing the underlying connection like when you suspend your laptop and take it elsewhere.

I now have mosh connect to several servers in tabs when I run gnome-terminal the first time, and only disconnect on reboot. I also run a mosh-capable Irssi Connectbot fork on the phone[2].

It's a massive improvement, fixing many of the little annoyances of ssh.

[1] http://mosh.mit.edu/

[2] http://dan.drown.org/android/mosh/

jerf 1 day ago 1 reply      
Read the SSH man pages every so often, even if you think you know how to use it. There's a lot of features in there. Don't miss the "AUTHORIZED_KEYS FILE FORMAT" in sshd's man page for the uber-cool "command='command'" options for authorized keys (restricts a given key to just be able to run a certain command, very useful). See also SSH's port forwarding, -D, learn how to use ssh-agent, and "man ssh_config".
Sharlin 1 day ago 4 replies      
The default escape character ~ does not work if the tilde key in your keyboard layout is a dead key [1], like it is in many European layouts. It can be changed via the EscapeChar config option or the -e command line parameter. It seems, though, that not just any old character is accepted - I tried to use , which, in the Finnish layout, is in the same physical position as ~ is in the US version, but ssh complains about "bad escape character".

EDIT - I suppose it must be an ASCII character, which is not an entirely unreasonable requirement.

[1] http://en.wikipedia.org/wiki/Dead_key

adaml_623 1 day ago 3 replies      
Another useful trick to remember if you're using Putty and you ever accidentally hit Ctrl-S and find that you've frozen the terminal.

Just type Ctrl-Q and you will unfreeze the connection.

Credit due to: http://raamdev.com/2007/recovering-from-ctrls-in-putty/

Nursie 1 day ago 1 reply      

It is useful, yes. Here's another thing I picked up last week - how do you reboot a remote linux box that's somehow lost its root drive but you still have a shell open (because you left ssh running on another machine)?

  echo 1 > /proc/sys/kernel/sysrq
  echo b > /proc/sysrq-trigger

tankenmate 1 day ago 1 reply      
The thing that amazes me about this is that people don't realise that this comes from BSD 4.2 rsh released in 1983.
epo 1 day ago 4 replies      
Please don't let HN become a substitute for RTFM. This should be known by all SSH users who have skimmed the man page. Fair enough as a blog post but for this trivia to get 46 points so far is deeply depressing.

Maybe I should write a blog post about the use of CTRL-Z in the shell and post that here, should get me Kilo-karma points if this is anything to go by.

microcolonel 22 hours ago 2 replies      
I'm surprised/appalled at how many people upvote this, considering how this place is supposed to be "hacker news"...
verbatim 23 hours ago 0 replies      
<enter>~Ctrl-Z will suspend the ssh session, too.

I've also found it useful to do <enter>~C - then you can configure port forwarding without having to open a new ssh session.

(~C opens a command line, enter "help" for available commands.)

spudlyo 21 hours ago 1 reply      
Hitting '.' at a prompt used to be a common idiom for exiting a program. I first saw it when I was a kid working on an HP-3000 system where the system programming language was BASIC and all programs followed this convention. Don't know where it came from originally, but you can still see it in places like rsh/SSH etc.
hahainternet 1 day ago 3 replies      
If you happen to be a few sessions deep, ~~ will send ~ to the next session along. A casual ~~~~~~~~~~~. or so later and everything is wonderful again!
jlkinsel 19 hours ago 1 reply      
I'm a little surprised this is on HN? To me this is the equivalent of a blog post about using %d with printf.

Not complaining, just a little surprised something so novice would get attention...

oarmstrong 1 day ago 0 replies      
In case anyone is having difficulty with the font used on the page, the escape sequence is: newline followed by tilde (~) and then period (.).
kdazzle 1 day ago 1 reply      
Another great solution is to just use the ServerAliveInterval option.
kbenson 1 day ago 0 replies      
While I've frequently used this to kill connections, my favorite thing I've done with it is to list existing and dynamically add new forwarding ports through SSH.
gbog 1 day ago 0 replies      
Does it work too with ctrl-\ ? This has been my process killer recently and it's powerful (and the only way I know to get out of xtail.)
Nick_C 12 hours ago 1 reply      
On a side note, does anyone know what ~B actually does? Does it send a SIGINT to the remote terminal? What does ssh mean by the phrase "send a BREAK to a remote system"?

I've tried to use it without success to kill a runaway listing of megabytes of scrolling text, but frantically hitting ctrl-C seems to work much better.

bostonvaulter2 18 hours ago 0 replies      
This usually doesn't work for me. Perhaps it's because my sessions are usually multiplexed via "ControlMaster auto"?
anuraj 9 hours ago 0 replies      
[Enter] Shift+~ .
You shouldn't hotlink someone else's JavaScript whatispolymath.com
195 points by jsnk  1 day ago   94 comments top 28
jacquesm 1 day ago 3 replies      
And that's a pretty mild example of what could happen if you did. Hotlinking javascript is an excellent way to allow someone else to pull all kinds of tricks with your visitors and your image. For example, redirecting all your traffic to a shocksite.

Every time you include some externally hosted javascript you open yourself and your visitors to a security risk. And on top of that, if you do it like this you're stealing bandwidth.

When including remotely hosted javascript make sure you have permission, make sure the other party is trustworthy and periodically review the linked script to make sure it does what is advertised (and that's imperfect, it could be you're seeing something else than other visitors).

chewxy 1 day ago 2 replies      
Screenshot for potential future confused HNers when Polymath realizes it and uses a real CDN: http://i.imgur.com/A8JzHtK.png
geuis 1 day ago 7 replies      
Ok there is a better way to handle this than adding some html to a page to make a banner, posting to HN, and hoping for the best.

Check for referrer headers and throw a 301.

martin-adams 1 day ago 0 replies      
There are few techniques you could use that don't affect the visitor experience of your own.

- Detect referrer and return a script that has a warning

- Rotate your script filenames so those hotlinking will soon realise they will need to host it themselves

- Use a CDN yourself and don't encourage them to hotlink

- Slow down the request

For those hotlinking, consider:

- You can't trust the source of the code

- You can't trust that the code will always be there and it will load quickly

- You can't trust the contents of the code may change and break your application

If you want to be sinister to those hotlinking you could:

- Redirect the user (as others have noted)

- Display any message to the user

- Steal data from the user who is using the site hotlinking

- Inject your own adverts into the target web page

- Make the web page do the Harlem Shake

TheAnimus 1 day ago 2 replies      
>We noticed that you're using Internet Explorer. Polymath currently does not support this browser because compatibility issues prevent us from delivering an ideal experience. We're working on fixing these issues.

People do realise that some company networks give you no control over which browser you can use right? I can't understand what feature they would need which is missing from IE10. Why not use feature detection? We've moved on from browser detection...

jimktrains2 1 day ago 1 reply      
This isn't a finished blog post yet, so bear with me.

In http://jimkeener.com/posts/http I have two things which I think would be great additions to both HTTP and HTML.

The first are Content-Signature (signed with the TLS key perhaps) and Content-Hash (format: "hash-algo base64-hash-value") headers.

The second is allowing a hash and/or signature attributes on elements that have a src attribute. This would allow the UA to check if the file is already cached (across domains perhaps too, though I'm not sure how serious collision attacks would be) without having to check the server.

EDIT: I feel that these two features, in combo, would allow for a more secure method of using CDNs for things such as javascript libraries. They would also allow a better fallback method for loading local resources than what is used now.

    <script src="//ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
    <script>
    if (!window.jQuery) {
        document.write('<script src="/path/to/your/jquery"><\/script>');
    }
    </script>
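The hash check proposed in the comment above, worked through as an added example (not jimktrains2's code and not an existing HTTP or HTML feature as of this thread): a reviewed copy of a third-party script is pinned in the "hash-algo base64-hash-value" format, and a later fetch that no longer matches falls back to the locally hosted copy. The script bodies are constructed samples and the function names are assumptions.

```javascript
// Added example: pin a third-party script by digest and detect upstream changes.
// Function names and the sample script bodies are assumptions for illustration.
const nodeCrypto = require('crypto');

const ALLOWED_ALGOS = ['sha256', 'sha384', 'sha512'];

// Produce the pin in the comment's format: "hash-algo base64-hash-value".
function contentHash(body, algo = 'sha256') {
  if (!ALLOWED_ALGOS.includes(algo)) throw new Error(`unsupported algorithm: ${algo}`);
  return `${algo} ${nodeCrypto.createHash(algo).update(body).digest('base64')}`;
}

// Parse a pin; anything outside the allow-list or not valid base64 is rejected.
function parseContentHash(value) {
  const m = /^([a-z0-9]+) ([A-Za-z0-9+/]+={0,2})$/.exec(value);
  if (!m || !ALLOWED_ALGOS.includes(m[1])) return null;
  return { algo: m[1], digest: m[2] };
}

// True only if the body hashes to the pinned digest. A malformed pin fails closed.
function verifyPinned(body, pinned) {
  const parsed = parseContentHash(pinned);
  if (!parsed) return false;
  const actual = nodeCrypto.createHash(parsed.algo).update(body).digest();
  const expected = Buffer.from(parsed.digest, 'base64');
  return actual.length === expected.length && nodeCrypto.timingSafeEqual(actual, expected);
}

// Decide which copy to serve: the remote one if it still matches the pin,
// otherwise the locally hosted copy that was reviewed.
function selectScript(remoteBody, pinned, localBody) {
  return verifyPinned(remoteBody, pinned)
    ? { source: 'remote', body: remoteBody }
    : { source: 'local', body: localBody };
}

// Constructed sample: the copy that was reviewed, and the same file after the
// upstream owner appended code of their own.
const REVIEWED = 'function easeInQuad(t) { return t * t; }\n';
const CHANGED_UPSTREAM = REVIEWED + 'document.title = "changed by the file owner";\n';
const PIN = contentHash(REVIEWED);
```

Browsers later standardized a comparable check as the `integrity` attribute on script and link elements (Subresource Integrity).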

ivan_ah 1 day ago 1 reply      
The hotlinked js in question is: http://gsgd.co.uk/sandbox/jquery/easing/jquery.easing.1.3.js

That is a neat way to communicate ;)

Polymath sounds like a cool idea BTW, but probably difficult to monetize. Somebody must pay the tutors for producing/curating the content, but people have gotten so used to educational material being free...

BadassFractal 1 day ago 1 reply      
Lots of services out there like browser-update.org tell you to load snippets of js over http from some random location they control. It's pretty unsafe unless you really know who's running the show over there and how secure their system is. Them being compromised could make every user site vulnerable.
cl8ton 1 day ago 1 reply      
A car dealer was hot linking to pictures of our cars from a sports car forum I belong to and using them to sell his same models on eBay.

We changed to pics of Male Enhancement devices and medication and shared with other car forums, we all watched for days and the guy was pretty clueless on what was going on and apparently didn't check his ads as often as he should.

We even had a vote for what pic appears today poll.

Remember: The first rule of Changing hot linked photos club is to never talk about changing hot linked photos.

ronaldx 1 day ago 0 replies      
I take this to be a proof-of-concept for ajax.googleapis.com in N years time.

"The archive web, sponsored by..."

joshfraser 23 hours ago 0 replies      
It's always blown me away how willing people are to install remote JavaScript on their sites, including top sites that you would expect to be more cautious. A lot of internet retailers include dozens of third party JavaScript files on their pages for analytics, social widgets, retargeting, etc. The way they handle the risk is by using constant monitoring by security auditing firms to check for changes in any of the files (presumably from different locations, browsers, user-agents, etc).
daviddede 1 day ago 0 replies      
This has been going on for a few months with other sites:



andyhmltn 1 day ago 0 replies      
Very very lucky. All they had to do was:

document.location = '...'

and route the page to a java drive-by which redirects back afterwards and most of their visitors would've been infected. They are incredibly lucky that the owner of that script was nice enough just to add a simple banner.

driverdan 21 hours ago 0 replies      
This site is full of bad practices.

* Never link to someone else's files (JS, images, etc).

* Don't use S3 as a CDN. It's not a CDN. Latency can be bad. Use CloudFront.

* Minify and combine CSS and JS.

* Put your JS at the end of the page.

marvwhere 1 day ago 0 replies      
a friend asked me some days ago: can u help me with a little problem? my old coder has no time to fix it.

the classic: "it worked yesterday..."

so i checked the code and all js,css files were used from a git repo from some other guy. who moved all files away in other directories.

was easy to fix, but i have no idea how stupid his coder is to use github urls from other people's repos!!

artumi-richard 1 day ago 1 reply      
whoops, not sure he wanted it here too.


rmdoss 23 hours ago 0 replies      
That page was like that for a while, since the author of that plugin has done that a few months ago:


joeblau 1 day ago 0 replies      
That's an interesting way to warn users of the error of their ways. I recommend the CDN route for anyone who is standing up a web application for performance more than anything. With a CDN the page load time on my site went from 1.5 second to under .5 seconds. You also get the added benefit of someone not injecting code into your website.
Yhippa 19 hours ago 0 replies      
13 hours from the time this was posted and it's still being hotlinked.
zenith2037 23 hours ago 0 replies      
I always thought this tip was common sense... Although my entry to the programming world wasn't through the normal means.
kbar13 1 day ago 0 replies      
Good guy developer, goes above and beyond to help his users


jimaek 1 day ago 0 replies      
Also a good CDN alternative http://www.jsdelivr.com
samelawrence 22 hours ago 0 replies      
How is this even a thing we're discussing?

This just seems so obvious.

benhalllondon 22 hours ago 0 replies      
if (window.location.origin !== "http://beta.whatispolymath.com/"){ window.location = "http://beta.whatispolymath.com/";}
segfault1212 1 day ago 0 replies      
at least that site is listed as beta. Check out this real estate site that is making millions of dollars selling condos and town homes.


oakaz 1 day ago 0 replies      
just remove that file and force people to use CDN, do you really need to prove your abilities Mr. Einstein ?
bulatb 1 day ago 0 replies      
They specifically ask people not to do that.
Twilio incident and Redis antirez.com
179 points by flyingyeti  2 days ago   72 comments top 8
zackmorris 2 days ago 3 replies      
What caught my attention was where Twilio said the redis-slaves were timing out to the redis-master:


I think timeouts should be abolished for the vast majority of software today.

The usual reasoning goes something like this: for a TCP connection, if you don't hear from the server for some period of time, you can assume that something is "wrong" and drop the connection. The fallacy is, the TCP connection is not really important to the shared state of two devices. From the very beginning (I'm talking 1970s!), devices should have been using tokens to identify one another, regardless of communication status. The tokens could be saved in nonvolatile memory on servers so that jobs could always continue where they left off.

Instead we have a whole slew of nondeterministic pathological cases -exactly- like the one that hit Twilio. If you take on the burden of timeouts, you end up with dozens of places in your code (even more, potentially) where you just don't know what to do if you lose communication.

If you don't take on the burden of timeouts, then you can just track each connection and all it costs you is storage space, which is practically free today and getting cheaper every year. With credentials from the client, you don't even have to worry about duplicate connections. You can write your client-server code deterministically and stick to the logic, and easily stress test failure modes.

aidos 2 days ago 0 replies      
Very clear and thoughtful post from antirez, as ever.

It's worth reading his post on how persistence works in Redis (and other dbs). It's very interesting and gives great insights as to what goes on down in dbs to try to keep our data safe - particularly for those of us who don't ever interact with that layer directly.


eblume 2 days ago 8 replies      
It's good to see Twilio post this! That being said - yeah, I really am concerned that Twilio is using an ephemeral database to store such important data. Why not simply use Postgres? Is Twilio really making so many transactions per second that Postgres won't scale?
mountaineer 2 days ago 1 reply      
Here's the Twilio post-mortem thread on HN: https://news.ycombinator.com/item?id=6093954
MichaelGG 2 days ago 2 replies      
I do not understand why, when updating a balance from a CC transaction, you wouldn't be using transactions.

  Start Transaction
  Update Balances
  Call CC Processor
  Commit
That would eliminate "the billing system charged customer credit cards to increase account balances without being able to update the balances themselves" -- you don't go call a non-transactional CC processor until you've actually been able to process the update in your own system (which you can easily rollback).

If you're worried about Commits failing (due to not using pessimistic locking, for instance), then separate it into two transactions. That way when you go to process the CC the next time, you have a record stating there's already a transaction in-flight.

For financial records, I'd expect a bit more care. Sounds like they had proper records, but only as a backup/logging.

(Even for telecom, in which I work. There are fully ACID databases that have no problems handling millions of transactions/sec. In-flight balance information is trivial to handle.)
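
The two-transaction variant described in the comment above, sketched as an added example that is not part of the thread and not Twilio's code. SQLite stands in for the billing database; the schema and the names `open_ledger`, `begin_charge`, `settle` and `simulate` are hypothetical, and the processor call is reduced to a counter.

```python
import sqlite3

SCHEMA = """
CREATE TABLE accounts(id INTEGER PRIMARY KEY, balance_cents INTEGER NOT NULL);
CREATE TABLE charges(id INTEGER PRIMARY KEY, account_id INTEGER NOT NULL,
    amount_cents INTEGER NOT NULL, state TEXT NOT NULL);
-- At most one unresolved charge per account, so a retry cannot open a second.
CREATE UNIQUE INDEX one_in_flight ON charges(account_id) WHERE state = 'in_flight';
INSERT INTO accounts VALUES (1, 0);  -- constructed sample account
"""

def open_ledger():
    db = sqlite3.connect(":memory:", isolation_level=None)  # explicit BEGIN/COMMIT
    db.executescript(SCHEMA)
    return db

def begin_charge(db, account_id, amount_cents):
    """Transaction 1: record intent. Returns the charge id, or None if one is in flight."""
    db.execute("BEGIN IMMEDIATE")
    try:
        cur = db.execute("INSERT INTO charges(account_id, amount_cents, state) "
                         "VALUES (?, ?, 'in_flight')", (account_id, amount_cents))
    except sqlite3.IntegrityError:
        db.execute("ROLLBACK")
        return None
    db.execute("COMMIT")
    return cur.lastrowid

def settle(db, charge_id):
    """Transaction 2: mark settled and credit the balance atomically, at most once."""
    db.execute("BEGIN IMMEDIATE")
    row = db.execute("SELECT account_id, amount_cents FROM charges "
                     "WHERE id = ? AND state = 'in_flight'", (charge_id,)).fetchone()
    if row:
        db.execute("UPDATE charges SET state = 'settled' WHERE id = ?", (charge_id,))
        db.execute("UPDATE accounts SET balance_cents = balance_cents + ? "
                   "WHERE id = ?", (row[1], row[0]))
    db.execute("COMMIT")
    return row is not None

def simulate(retries=3):
    """Card charged, settle lost in a crash, billing retries, reconciliation settles."""
    db, card_calls = open_ledger(), 0
    first = begin_charge(db, 1, 2000)
    card_calls += 1  # stand-in for the processor call; crash follows, no settle()
    for _ in range(retries):  # billing loop still sees a low balance
        if begin_charge(db, 1, 2000) is not None:
            card_calls += 1
    settle(db, first)  # reconciliation job finishes the in-flight charge
    return card_calls, db.execute("SELECT balance_cents FROM accounts").fetchone()[0]
```

`simulate()` returns the number of processor calls and the final balance: the retries find the in-flight row and never reach the processor, so the card is charged once and the balance is credited once.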

mountaineer 2 days ago 0 replies      
Twilio definitely uses ec2, it's been an oft-highlighted choice in many presentations and posts over the years.

- http://www.slideshare.net/twilio/twilio-voice-applications-w...

- http://www.twilio.com/engineering/2011/04/22/why-twilio-wasn...

mbillie1 2 days ago 1 reply      
I'm curious if you're using anything other than redis-cli to set the master/slave relationships, and if you have any failover mechanism. I've used corosync/pacemaker for a high-availability redis cluster, but without an awful lot of confidence (we likely misconfigured it, to be fair).

Just "slaveof <masterip>" and other redis-cli commands? Or are you using any automated process?

Or has anyone else got a great redis failover/HA solution that they'd care to share?

(I apologize for this having nothing to do with Twilio; I'm just curious)

Vitaly 2 days ago 1 reply      
Just like I commented on the original incident report post, I think systems like Redis are not suitable to work as a db for payment processing and transaction storage. Reading through the report I can't imagine something like this happening with a payment system built around Postgres. Not unless you are doing something incredibly stupid. And stupid those guys are not.

They are obviously bright guys meaning well, and yet they've designed and implemented a payment system with such a bad failure mode.

I do understand that they have a LOT of billing events, and have to update customer billable amounts for each of them. But instead of holding the customer balances in Redis and doing payment processing on top of that, my paranoia would most probably lead me to only store 'amount to charge' in Redis and update it as frequently as needed, and store customer balances and transactions in an RDBMS. And only change during actual charge event. This way, if Redis data were to be lost, I'd under-charge my customers and not over-double-triple charge them. The failure mode becomes less disastrous.

       cached 27 July 2013 15:11:01 GMT